[SLUG] FTP security hole

From: Smitty (76543a@mpinet.net)
Date: Wed Apr 11 2001 - 13:37:15 EDT


No data if it affects Linux servers yet.

A newly discovered security hole in the software that moves files
between computers and over the Internet is a virtual open door that
allows an attacker to take over and completely control vulnerable
networks.

PGP Security has identified a hole in File Transfer Protocol (FTP)
server systems from many major vendors, including Sun Microsystems,
Silicon Graphics and Hewlett Packard.

"This problem has serious repercussions, including the threat of data
loss and attacks against private networks," said Jim Magdych, security
research manager for PGP Security.

The problem is caused by a flaw in the technology that many FTP
servers use to handle searches for files. This flaw can allow an
attacker to take full control of the vulnerable system.

Once an attacker has taken control, he can do anything on the system
that the system administrator can do, including reading, replacing or
deleting data, and altering the contents of websites. He can also
replace downloadable files with malicious files containing viruses or
other malevolent programs.

The affected server can also be used as a base to launch denial of
service attacks, or to break into other machines on the network.

Magdych urged users of vulnerable systems to contact their vendor for
patch information.

The vulnerability affects commercial Unix and BSD-based File Transfer
Protocol (FTP) server distributions, including FreeBSD 4.2, NetBSD 1.5,
OpenBSD 2.8, HPUX 11, IRIX 6.5 and Solaris 8.

PGP is not ruling out the possibility that other platforms may be
vulnerable, and is working with CERT to coordinate a collection of
information on all vulnerable FTP server distributions.

More information can be found on the CERT Advisory CA-2001-07.

Magdych said that PGP Security is also working with identified vendors
to help them provide patches for the hole, and is examining other
vendors' server software distributions to confirm whether their systems
may also be vulnerable.

"Usually, we would have held off on making the announcement until all
vendors had prepared a patch, but we are concerned that news about the
problem may be starting to circulate," Magdych said.

Sun, Hewlett-Packard and Silicon Graphics did not respond to requests
for comment.

FTP servers are used by more than 90 percent of all enterprise
networks to share data with employees, partners and customers, and this
vulnerability could affect a significant portion of those networks,
Magdych said.

PGP isn't aware of any serious problems that can currently be
attributed to the vulnerability, but Magdych said that as the news about
the hole spreads, it's "just a matter of time."

Exploiting the hole requires access to a vulnerable server, which
Magdych said is not a difficult task. Once inside the system, a cracker
simply creates a new directory on the server, using specific characters
to name that directory.

After that, the cracker runs a command that searches for the new
directory, which can force the FTP server to surrender control of the
system.

FTP servers use a function called "glob" that allows users to conduct
a search using a condensed version of a name or a word.

Glob searches can flood an FTP system with data, a particularly common
type of vulnerability, which then leaves the system open to exploitation
by attackers, who write code that allows them to override the system's
normal protective functions.

Magdych said that vendors whose systems are affected were notified of
the problem several weeks ago, and patches are available for some
systems. Users of the affected systems should contact vendors to obtain
patch information.

Until all vendors release the patches, the vulnerability can be
managed, to some degree, by ensuring that no directories exist in the
anonymous FTP tree which are writeable by an anonymous FTP user.

"Furthermore, BSD and Irix users should take care to ensure that no
directory in the anonymous FTP tree has a name longer than eight
characters. This will protect against anonymous users launching an
attack, but users with a valid account on the system may still be able
to exploit the vulnerability," Magdych said.

PGP Security does not provide patches but works with vendors to inform
them of problems and help them close security gaps.

PGP has released an update to the company's CyberCop Scanner, a risk
assessment tool that can assist users in identifying systems that may be
vulnerable to the FTP vulnerability.

This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 20:30:27 EDT
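
An added example, not part of the original post or the quoted article: a Python audit of an anonymous FTP tree for the two interim conditions the article describes (directories writable by the anonymous FTP user, and directory names longer than eight characters). The function name, the anon_uid/anon_gids parameters and the decision to judge writability from mode bits alone are assumptions of this example.

```python
import os
import stat
import sys

MAX_NAME_LEN = 8  # limit quoted in the article for BSD and IRIX servers


def _anon_can_write(st, anon_uid, anon_gids):
    """Apply Unix permission-class rules for the anonymous FTP account.

    Mode bits only; ACLs and chmod-by-owner are not considered (assumption).
    """
    if anon_uid is not None and st.st_uid == anon_uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in anon_gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)


def audit_ftp_tree(root, anon_uid=None, anon_gids=(), max_name_len=MAX_NAME_LEN):
    """Return sorted (relative_path, issue) findings for directories under root.

    anon_uid / anon_gids identify the anonymous FTP account and are supplied
    by the caller; with the defaults only world-writable directories count.
    Symlinked directories are not followed (os.walk default).
    """
    findings = []
    for dirpath, dirnames, _files in os.walk(root):
        dirnames.sort()
        rel = os.path.relpath(dirpath, root)
        st = os.lstat(dirpath)
        if _anon_can_write(st, anon_uid, anon_gids):
            findings.append((rel, "writable-by-anonymous"))
        # The root's own name is outside the tree, so only subdirectories count.
        if rel != "." and len(os.path.basename(dirpath)) > max_name_len:
            findings.append((rel, "name-too-long"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_ftp.py /path/to/anonymous/ftp/root
    for path, issue in audit_ftp_tree(sys.argv[1]):
        print(f"{issue}\t{path}")
```

An empty result means neither interim condition was found; as the article notes, this addresses anonymous users only, not users with a valid account.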