Preemptive Protection against Golden FTP USER Denial of Service Vulnerability
| Check Point Reference: | CPAI-2006-151 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: SA23323 | |
| Industry Reference(s): | CVE-2005-0634 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? Golden FTP Server version 1.92 | ||
| Vulnerability Description Golden FTP Server is an FTP server application for Microsoft Windows. The application is susceptible to a remote denial of service vulnerability. The issue is triggered when a 'USER' command with a lengthy parameter line is passed to the server, causing it to crash. |
||
|
Vulnerability Details The vulnerability is caused due to an error when processing an overly long argument passed to the 'USER' command. A remote attacker can cause the service to crash via an overly long parameter. |
Protection Overview
Overly long FTP commands (USER) may cause a buffer overflow on an affected FTP server. The protection addresses this issue by validating the length of the commands and blocking them if they exceed a certain length. No update is required to address this vulnerability.
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R62
How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > FTP > FTP Patterns.
2. In the FTP Patterns configuration pane, under Settings > Mode, check Active.
3. The protection's options are enabled by default (as seen below).
The required protection for this vulnerability is:
Limit FTP Command length to 100
4. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: USER Buffer Overflow Attempt
VPN-1 NGX R61 & R60
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > FTP > FTP Patterns; The FTP Patterns window opens. The protection's options are enabled by default (as seen below):
The required protection for this vulnerability is:
Limit FTP Command length to 100
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: USER Buffer Overflow Attempt
InterSpect NGX
How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > FTP > FTP Patterns; The FTP Patterns window opens. The protection's options are enabled by default (as seen below):
The required protection for this vulnerability is:
Limit FTP Command length to 100
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log one of the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: USER Buffer Overflow Attempt