1734.txt

snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具

Rule:

--
Sid:
1734

--
Summary:
This event is generated when an attempt is made to exploit a buffer
overflow or denial of service vulnerability associated with FTP USER command. 

--
Impact:
Remote access or denial of service.  A successful attack can cause a
denial of service or allow remote execution of arbitrary commands with
privileges of the process running the FTP server. 

--
Detailed Information:
This event is generated when an attempt is made to exploit various
vulnerabilities associated with the FTP USER command of different FTP
servers. It is possible to cause a denial of service attack or gain
remote access to execute arbitrary commands with the privileges of the
process running the FTP server by sending an overly long argument with
the FTP USER command. 

--
Affected Systems:
	bftpd 1.0.11.
	BlackMoon FTP Server 1.0 through 1.5. 
	CesarFTPD 0.98b. 
	A-FTP Anonymous FTP Server.
	Argosoft FRP server 1.0.
	TYPSoft FTP Server 0.78. 
	AnalogX proxy server 4.04 and earlier 
	Dragon FTP server.

--
Attack Scenarios:
An attacker can supply an overly long file argument with the USER
command, causing a denial of service or buffer overflow.

--
Ease of Attack:
Simple.  

--
False Positives:
None Known.

--
False Negatives:
None Known.

--
Corrective Action:
Upgrade to the latest non-affected version of the software.

--
Contributors:
Sourcefire Research Team
Brian Caswell <bmc@sourcefire.com> 
Nigel Houghton <nigel.houghton@sourcefire.com>
Judy Novak <judy.novak@sourcefire.com>

--
Additional References:

--