PROTOCOL-FTP -- Snort alerted on suspicious use of the FTP protocol. FTP is generally unsafe, as it sends all data in plain text, including passwords. Stolen data may also aggregate via FTP, and malware-infected items are often made available via FTP sharing sites. Malicious FTP attempts are common, such as directory traversal, overflow attempts, FTP probing (for instance, from the SATAN tool), etc.
PROTOCOL-FTP RNFR overflow attempt
This event is generated when an attempt is made to exploit a buffer overflow associated with the RNFR command of the IPSwitch WS_FTP server. Impact: A successful attack may cause a denial of service or a buffer overflow and the subsequent execution of arbitrary code on a vulnerable server. Details: A vulnerability exists in the way that the IPSwitch WS_FTP service handles the RNFR command. An excessively long parameter supplied to the command can trigger a denial of service or a buffer overflow and the subsequent execution of arbitrary code on a vulnerable server. Ease of Attack: Simple.
No information provided
No public information
No known false positives
Cisco Talos Judy Novak
No rule groups
None
No information provided
None
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
