Weve already touched on many file transfer related vulnerabilities, mainly surrounding disclosure of file contents and user/password information.
Data can be unwittingly disclosed if files are accidentally made available via FTP, or if you think youve put them in a directory accessible only to a certain authorized user, which ends up being accessible by all anonymous users as well.
Data can also be disclosed through packet sniffing, described below.
Issues in FTP can have interesting consequences, depending on the device with the flawed software, for example, a Cisco PIX firewall228 was found to have FTP vulnerability.
As with BSD TCP/IP code, some FTP server software such as wu-ftpd has really made the rounds of the community. When vulnerability is found in wu-ftpd, it tends to affect a large number of systems. Since FTP includes the ability to send and receive files, many exploits involve creating malicious files on the server, and causing trouble. For example, they could upload a virus that would be run by an unwitting tech support rep, or force a buffer overflow to create a DoS situation or gain unauthorized acces229s.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.