漏洞信息详情
多个供应商FTP跳转攻击漏洞
- CNNVD编号:CNNVD-199712-006
- 危害等级: 高危
- CVE编号: CVE-1999-0017
- 漏洞类型: 设计错误
- 发布时间: 1997-12-10
- 威胁类型: 远程
- 更新时间: 2006-09-20
- 厂 商: sun
- 漏洞来源: This problem was i...
漏洞简介
FTP服务器存在漏洞。攻击者可以连接机器上的任意端口,出了FTP端口,也称为FTP跳转。
漏洞公告
SGI have released an advisory (20030304-01-P) with further details that address this issue. A number of patches to fix this vulnerability have also been provided. SGI have recommended that users upgrade to IRIX 6.5.20 or install the appropriate version specific patch. On SGI IRIX versions 6.5.6 and later this issue may be mitigated by running the FTP server with the -p option. If the FTP server is run via inetd, then the inetd configuration file should be modified to reflect this. In the reference section of this vulnerabilty you will find CERT Advisory CA-97.27.FTP_bounce which details fix information for the majority of the known vulnerable vendors. Further information is also referenced to allow you to test your ftpd for this issue.
参考网址
Vulnerable software and versionsConfiguration 1OR* cpe:/a:gnu:inet:5.01* cpe:/a:gnu:inet:6.01* cpe:/a:gnu:inet:6.02* cpe:/a:washington_university:wu-ftpd:2.4Configuration 2OR* cpe:/o:caldera:openlinux:1.2* cpe:/o:freebsd:freebsd:1.0* cpe:/o:freebsd:freebsd:1.1* cpe:/o:freebsd:freebsd:1.2* cpe:/o:freebsd:freebsd:2.0* cpe:/o:freebsd:freebsd:2.1.0* cpe:/o:freebsd:freebsd:2.1.7* cpe:/o:ibm:aix:3.2* cpe:/o:ibm:aix:4.1* cpe:/o:ibm:aix:4.2* cpe:/o:ibm:aix:4.3* cpe:/o:netbsd:netbsd:1.0* cpe:/o:netbsd:netbsd:1.1* cpe:/o:netbsd:netbsd:1.2* cpe:/o:netbsd:netbsd:1.2.1* cpe:/o:sco:open_desktop:3.0* cpe:/o:sco:openserver:5.0.4* cpe:/o:sco:unixware:2.1* cpe:/o:siemens:reliant_unix* cpe:/o:sun:sunos:4.1.3u1* cpe:/o:sun:sunos:4.1.4* cpe:/o:sun:sunos:5.3* cpe:/o:sun:sunos:5.4* cpe:/o:sun:sunos:5.4::x86* cpe:/o:sun:sunos:5.5* cpe:/o:sun:sunos:5.5.1* cpe:/o:sun:sunos:5.5.1::x86* cpe:/o:sun:sunos:5.5::x86* Denotes Vulnerable Software* Changes related to vulnerability configurations Technical DetailsVulnerability Type (View All) CVE Standard Vulnerability Entry:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0017
受影响实体
- Sun Sunos:5.5:X86
- Sun Sunos:5.5.1:X86
- Sun Sunos:5.5.1
- Sun Sunos:5.5
- Sun Sunos:5.4:X86
补丁
暂无
评论