336.txt

来自「This is the snapshot of Snot Latest Rule」· 文本代码 · 共 81 行

TXT

81 行

Rule:--Sid:336--Summary:This event is generated when an attempt is made to access roots home directory in an ftp session.--Impact:Serious. Information disclosure.--Detailed Information:An ftp command to change directories to root's home directory has been made. If roots home directory is world readable and is within the ftp root, the contents may be viewed or downloaded in an ftp session.Under normal ftp usage (by non-root users), this should never occur.  --Affected Systems: --Attack Scenarios:Scenario A:1. Remote attacker has gained root password/access, or is able to access root's home directory.2. Attacker will be able to replace important system files at their will, possibly gaining shell access as root.Scenario B:1. System administrator (root) connects to the system via un-encrypted ftp.2. An attacker, listening in on the tcp/ip traffic, gains root's password since it was transmitted in 'clear-text'.3. The attacker can now log in as root.Scenario C:1. The ~root directory is world readable.2. Sensitive files that may exist in this directory can now be accessed by anyone.--Ease of Attack:Scenario A: depends on how the attacker gained root's passwordScenario B: trivial for someone on the same network or on the route to the target system.Scenario C: Simple.--False Positives:None KnownThe administrator has legitimately logged into this machine from a remote location. Note: this still has the potential for a security breach (see Scenario B).--False Negatives:None KnownAccessing other system critical directories other than ~root (for example, /etc, where passwd/shadow files are kept) could indicate the same comprimise.--Corrective Action:Disallow ftp login for root, consider using something more secure than ftp for root file transfers.Make sure root's home directory is NOT world readable.Root's password may have been discovered, take apropriate action.--Contributors:Original rule writer unknownOriginal document author unkownSourcefire Vulnerability Research TeamNigel Houghton <nigel.houghton@sourcefire.com>Snort documentation contributed by Jeremy Stashewsky <jstash@omitthis.uvic.ca>-- Additional References:RFC 959:File Transfer Protocol http://www.ietf.org/rfc/rfc959.txtOSVDB:http://www.osvdb.org/73--

336.txt - 源码说明

本页面展示了「This is the snapshot of Snot Latest Rules」中的 336.txt 源码文件，采用文本编程语言编写，共 81 行代码。您可以在线阅读完整代码内容，也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与snapshot相关的技术资源，包括源代码、技术文档、电路图等，是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C

搜索代码Ctrl + F

全屏模式F11

增大字号Ctrl + =

减小字号Ctrl + -

显示快捷键?