Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Preemptive Protection against Freefloat FTP Server Invalid Command Buffer Overflow

Subscribe

Check Point Reference: CPAI-2011-128
Date Published:
Preemptive Since:
Severity:
Source:
Protection Provided by: IPS-1
  • IPS-1
  • IPS-1 NGX R65
Who is Vulnerable?
Freefloat FTP Servers
Vulnerability Description
A buffer overflow vulnerability has been reported in Freefloat FTP Server.
Vulnerability Details
The vulnerability is due to insufficient validation while handling overly long FTP requests sent to the server. A remote attacker may exploit this vulnerability by sending a specially crafted command to an affected FreeFloat FTP server. Successful exploitation could allow an attacker to execute arbitrary code on the target server.

Protection Overview
The protection will block FTP server replies which contain overly long strings.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 NGX R65 & IPS-1

How Can I Protect My Network?
1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > FTP, and select the FTP Compliance protection group.
3. Click Microsoft Internet Explorer FTP Response Parsing Memory Corruption.
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: FTP Compliance
Description: Microsoft Internet Explorer FTP Response Parsing Memory Corruption