Hi all,
I’m doing some tests against my Windows 2000 System with an IDS (Intrusion Detection Scanner)
based on a Unix box.
I found out something interesting about the FTP Service and the TCP/IP Session Number generator
and I would like to discuss it.
Here is the report of the scanner:
==================================================
Microsoft FTP Server 5.0 : Win2K
192.168.0.100 ftp (21/tcp)
REPORT The remote FTP server closes
the connection when one of the commands
USER, PASS or HELP is given with a too long argument.
This probably due to a buffer overflow, which
allows anyone to execute arbitrary code on the remote host.
This problem is threatening, because the attackers don’t need an account
to exploit thisflaw.;
Solution : Upgrade your FTP server or change it;
Risk factor : High
192.168.0.100 ftp (21/tcp)
REPORT It was possible to make the remote FTP server
crash by issuing this command : CEL aaaa[…]aaaa
This problem is known has the ‘aix ftpd’ overflow and