FTP flaw makes servers insecure
Security analysts have issued warnings about a software flaw that they said could allow intruders to gain unauthorized access to remote file transfer protocol (FTP) servers.
In an advisory issued last week, Network Associates' PGP Security division said the problem is related to the "globbing" command used in Unix shells. The command essentially acts as a path name generator, allowing users to search for multiple file names by entering shorthand commands that are then used by the software to search for common patterns.
Santa Clara, Calif.-based PGP said its Computer Vulnerability Emergency Response Team found a flaw that allows the pattern expansion done through the glob function to instead be directed to cause various buffer overflows in FTP servers -- a capability that could enable malicious attackers to gain root-level privileges.
The problem is said to usually affect only FTP servers that give remote users the ability to create directories on the system hosting the FTP daemon. That will likely restrict the vulnerability's threat, said Greg Shipley, security services director at consulting firm Neohapsis in Chicago.
"In addition to the threat of data loss or attacks against private networks, many Web server administrators rely on FTP to post content to their Web servers," said Jim Magdych, manager of the emergency response team at PGP. "These vulnerabilities could offer an easy avenue of approach for an attacker intent on defacing Websites."
The CERT Coordination Center at Carnegie Mellon University in Pittsburgh also posted a notice on its Web site about the FTP flaw. The buffer management flaw could let intruders execute arbitrary code on an FTP server and "may be confused with a related denial-of-service problem," CERT said.
PGP said that until patches are available, remote intrusions can be prevented by ensuring that no directories exist that can be written to by an anonymous FTP user. BSD and Irix users should also be sure that none of their FTP directories have names with more than eight characters, the company said. However, PGP noted, neither of those precautions will stop local users.
» posted by ITworld staff
Computerworld
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
