Info |
Last Modified |
| 10 months ago |
|
Description |
(Description Provided by CVE) : The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service.
|
|
Classification |
Unknown or Incomplete
|
|
Solution |
Upgrade to version 7.6 or higher, which allows disabling of FXP if it is not required. It is also possible to correct the flaw by implementing the following workaround(s):
1. Note that if FXP is enabled, the DoS attack is still possible (i.e. PORT 127,0,0,1,x,y is possible). Hence, if you enable FXP, you should only allow trusted users to log on to your FTP server.
2. Set a strong password for the admin interface.
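The server-side check whose absence the description refers to, sketched as an added example (not Fastream's code). The function names, the `allow_fxp` flag and the sample addresses are assumptions; refusing loopback targets even with FXP on, and refusing ports below 1024 as RFC 2577 recommends, go beyond what this entry states.

```python
import ipaddress

def parse_port_arg(arg):
    """Parse the 'h1,h2,h3,h4,p1,p2' argument of an FTP PORT command."""
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT needs six comma-separated fields")
    if not all(f.isascii() and f.isdigit() and len(f) <= 3 for f in fields):
        raise ValueError("PORT fields must be decimal numbers")
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255")
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port_command(arg, peer_ip, allow_fxp=False):
    """Decide whether to honour PORT on a control connection whose TCP
    peer address is peer_ip. Returns (allowed, reason)."""
    try:
        ip, port = parse_port_arg(arg)
    except ValueError as exc:
        return False, str(exc)
    # Never connect back to the server itself or to non-unicast targets,
    # even when FXP is enabled (assumption: stricter than the product).
    if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
        return False, "target address not permitted"
    # RFC 2577: do not open data connections to well-known ports.
    if port < 1024:
        return False, "privileged port not permitted"
    # Core check: the PORT address must match the logged-in client's IP
    # unless server-to-server transfers (FXP) are explicitly enabled.
    if ip != ipaddress.IPv4Address(peer_ip) and not allow_fxp:
        return False, "PORT address differs from control connection peer"
    return True, "ok"

if __name__ == "__main__":
    peer = "203.0.113.7"  # constructed sample client address
    for arg in ("203,0,113,7,195,80",   # same host, port 50000
                "192,0,2,10,195,80",    # third-party host
                "127,0,0,1,195,80",     # loopback target
                "203,0,113,7,0,22"):    # privileged port
        print(arg, check_port_command(arg, peer))
```
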
|
|
Products |
NETFile FTP/Web Server | 7.4.6 |
|
|
Credit |
- Tan Chew Keong - vuln
secunia.com - Secunia Research