 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.10648 |
| Categoría: | FTP |
| Título: | ftp 'glob' overflow |
| Resumen: | NOSUMMARY |
| Descripción: | Description: It was possible to make the remote FTP server crash by creating a huge directory structure and then attempting to listing it using wildcards. This is usually known as the 'ftp glob overflow' attack. It is very likely that an attacker can use this flaw to execute arbitrary code on the remote server. This will give him a shell on your system, which is not a good thing. Solution : upgrade your FTP server and/or libc Consider removing directories writable by 'anonymous'. Risk factor : High |
| Referencia Cruzada: |
BugTraq ID: 2548 Common Vulnerability Exposure (CVE) ID: CVE-2001-0247 http://www.securityfocus.com/bid/2548 http://www.cert.org/advisories/CA-2001-07.html FreeBSD Security Advisory: FreeBSD-SA-01:33 http://archives.neohapsis.com/archives/freebsd/2001-04/0466.html NAI Advisory: 20010409 Globbing Vulnerabilities in Multiple FTP Daemons (Google Search) http://www.nai.com/research/covert/advisories/048.asp NETBSD Security Advisory: NetBSD-SA2000-018 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc SGI Security Advisory: 20010802-01-P ftp://patches.sgi.com/support/free/security/advisories/20010802-01-P XForce ISS Database: ftp-glob-expansion(6332) https://exchange.xforce.ibmcloud.com/vulnerabilities/6332 |
| Copyright | This script is Copyright (C) 2001 Renaud Deraison |
| Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |