2337.txt

来自「snort入侵检测规则文件2.4 Snort是众所周知的网络入侵检测工具」· 文本 代码 · 共 67 行

Rule:

--
Sid: 
2337

--
Summary:
This event is generated when an attempt is made to exploit a known
vulnerability in Tellurian TftpdNT.

--
Impact:
Execution of arbitrary code. Possible unauthorised root access.

--
Detailed Information:
FTP is used to transfer files between hosts. This event is indicative of spurious
activity in FTP traffic between hosts.

It is possible for an attacker to expoit a buffer overrun condition in
Tellurian TftpdNT. User supplied filenames are not correctly handled by
some versions of Tellurian TftpdNT, this may result in an attacker being
able to cause the overrun condition to occur.

--
Affected Systems:
	Tellurian TftpdNT 2.0 and prior

--
Attack Scenarios:
An attacker may use a publicly available exploit script to take
advantage of the vulnerability.

--
Ease of Attack:
Simple. Exploit code exists.

--
False Positives:
None Known

--
False Negatives:
None Known

--
Corrective Action:
Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

Disallow access to FTP resources from hosts external to the protected network.

Use secure shell (ssh) to transfer files as a replacement for FTP.

--
Contributors:
Sourcefire Research Team
Brian Caswell <brian.caswell@sourcefire.com>
Nigel Houghton <nigel.houghton@sourcefire.com>

--
Additional References:

--