发布时间 :2005-05-18 00:00:00
修订时间 :2011-03-07 21:22:23

[原文]The default installation of Fastream NETFile FTP/Web Server 7.4.6, which supports FXP, does not require that the IP address in a PORT command be the same as the IP of the logged in user, which allows remote attackers to conduct FTP Bounce attacks to bypass firewall rules or cause a denial of service.

[CNNVD]Fastream NETFile FTP/Web Server漏洞(CNNVD-200505-1109)

        支持FXP的Fastream NETFile FTP/Web Server 7.4.6的默认安装,不要求PORT命令中的IP地址和登录用户IP地址一样,远程攻击者可以执行FTP Bounce攻击来绕过防火墙规则或发起拒绝服务攻击。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  VUPEN  ADV-2005-0556

- 漏洞信息

Fastream NETFile FTP/Web Server漏洞
高危 未知
2005-05-18 00:00:00 2005-10-20 00:00:00
        支持FXP的Fastream NETFile FTP/Web Server 7.4.6的默认安装,不要求PORT命令中的IP地址和登录用户IP地址一样,远程攻击者可以执行FTP Bounce攻击来绕过防火墙规则或发起拒绝服务攻击。

- 公告与补丁


- 漏洞信息

Fastream NETFile FTP/Web Server Port Scan Bounce Weakness
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Exploit Public Uncoordinated Disclosure

- 漏洞描述

Fastream NETFile FTP/Web Server contains a flaw that may lead to an information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command while in passive(PASV) mode. It is possible for a remote attacker to establish a connection between the FTP server and an arbitrary port on a third-party system, essentially conducting a port-scan. This can be used to obscure the the source of the port-scan, as well as scan internal systems that may be protected by a screening device.

- 时间线

2005-05-17 2005-04-17
2005-05-17 Unknow

- 解决方案

Upgrade to version 7.6 or higher, which allows disabling of FXP if it is not required. It is also possible to correct the flaw by implementing the following workaround(s): 1. Note that if FXP is enabled, the DoS attack is still possible (i.e. PORT 127,0,0,1,x,y is possible). Hence, if you enable FXP, you should only allow trusted users to logon to your FTP server. 2. Set a strong password for the admin interface.

- 相关参考

- 漏洞作者