9792.txt

来自「This is the snapshot of Snot Latest Rule」· 文本 代码 · 共 57 行

Rule:  

--
Sid:
9792

--
Summary:
This event is generated when an attempt is made to exploit a known vulnerability in WinFTP server.

--
Impact:
Execution of arbitrary code. Possible unauthorized root access.

--
Detailed Information:
WinFTP fails to perform sufficient checks on user supplied data to the daemon. An attacker may exploit this vulnerability to execute code of their choosing as the root user. This may also lead to remote root access to the server.

--
Affected Systems:
WinFTP 2.0.2

--
Attack Scenarios:
An attacker may use a publicly available exploit script to take advantage of the vulnerability.

--
Ease of Attack:
Simple. Exploit code exists.

--
False Positives:
None known.

--
False Negatives:
None known.

--
Corrective Action:
Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

Use scp/sftp as an alternative to ftp.

--
Contributors:
Sourcefire Vulnerability Research Team
Brian Caswell <bmc@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

--