Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search







Table Of Contents  CertiGuide to Security+
 9  Chapter 2:  Communication Security (Domain 2.0; 20%)
      9  2.5  File Transfer

Previous Topic/Section
2.5.3  File Sharing
Previous Page
Pages in Current Topic/Section
1
Next Page
2.5.4.1  Packet Sniffing
Next Topic/Section

2.5.4  Vulnerabilities

We’ve already touched on many file transfer related vulnerabilities, mainly surrounding disclosure of file contents and user/password information.

Data can be unwittingly disclosed if files are accidentally made available via FTP, or if you think you’ve put them in a directory accessible only to a certain authorized user, which ends up being accessible by all anonymous users as well.

Data can also be disclosed through packet sniffing, described below.

Issues in FTP can have interesting consequences, depending on the device with the flawed software, for example, a Cisco PIX firewall228 was found to have FTP vulnerability.

As with BSD TCP/IP code, some FTP server software such as wu-ftpd has really made the rounds of the community. When vulnerability is found in wu-ftpd, it tends to affect a large number of systems. Since FTP includes the ability to send and receive files, many exploits involve creating malicious files on the server, and causing trouble. For example, they could upload a virus that would be run by an unwitting tech support rep, or force a buffer overflow to create a DoS situation or gain unauthorized acces229s.

Quick navigation to subsections and regular topics in this section



 __________________

228. http://www.cisco.com/warp/public/707/pixftp-pub.shtml

229. http://www.wwdsi.com/demo/saint_tutorials/FTP_vulnerabilities.html

Previous Topic/Section
2.5.3  File Sharing
Previous Page
Pages in Current Topic/Section
1
Next Page
2.5.4.1  Packet Sniffing
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $



Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.