Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:1728 |
| Message | FTP CWD ~ |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in the ftp server included with version 2.6 of the Sun Solaris operating system. |
| Impact | Serious. |
| Detailed Information | An error in the ftp daemon supplied with version 2.6 of Sun's Solaris operating system can cause the daemon to overflow a buffer and generate a core file that is world readable. The attacker may also be able to fill the disk partition by generating core files. |
| Affected Systems | Sun Solaris 2.6 |
| Attack Scenarios | An attacker can use a non-standard ftp client or initiate a session with the ftp server and issue a CWD ~ command. The attacker may then be able to read the core file and recover usernames and passwords for other users on the system. |
| Ease of Attack | Simple |
| Corrective Action | Apply the appropriate vendor-supplied patches. Upgrade to the latest non-affected version of the software. |
| Additional References | |
| Rule References | bugtraq: 2601 cve: 2001-0421 |
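
The check described in the Attack Scenarios row, shown as an added Python example (not Aanval's or Snort's own rule logic): it reassembles the client-to-server bytes of an FTP control connection into commands and flags any `CWD` whose argument begins with `~`. The class name, the buffer limit and the sample session are assumptions constructed for this illustration.

```python
import re

# FTP verbs are case-insensitive; the argument must begin with '~'.
CWD_TILDE = re.compile(rb"^CWD[ \t]+~", re.IGNORECASE)
MAX_PENDING = 4096  # assumed cap on bytes buffered for an unterminated command


class FtpCommandScanner:
    """Splits a client-to-server FTP control stream into command lines."""

    def __init__(self):
        self._buf = b""
        self.alerts = []

    def feed(self, chunk: bytes) -> list:
        """Add received bytes; return alerts for commands completed by them."""
        self._buf += chunk
        found = []
        while b"\n" in self._buf:
            line, self._buf = self._buf.split(b"\n", 1)
            line = line.rstrip(b"\r")
            if CWD_TILDE.match(line):
                found.append(line.decode("latin-1"))
        if len(self._buf) > MAX_PENDING:
            # Discard oversized unterminated data; scanning resumes
            # at the next newline that arrives.
            self._buf = b""
        self.alerts.extend(found)
        return found


def scan_session(chunks) -> list:
    """Run one connection's chunks through a fresh scanner."""
    scanner = FtpCommandScanner()
    for chunk in chunks:
        scanner.feed(chunk)
    return scanner.alerts


# Constructed sample session (not captured traffic). One command is
# delivered in two reads, and one filename merely contains "CWD ~".
SAMPLE_CHUNKS = [
    b"USER anonymous\r\nPASS guest@example.invalid\r\n",
    b"CWD /pub\r\n",
    b"cw", b"d ~\r\nLIST\r\n",
    b"CWD ~\r\n",
    b"STOR CWD ~notes.txt\r\n",
    b"QUIT\r\n",
]

if __name__ == "__main__":
    for hit in scan_session(SAMPLE_CHUNKS):
        print("ALERT FTP CWD ~:", hit)
```
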
--
DID:803834