CRIME FW: NIPC Advisory 01-027

From: George Heuston (georgeh@private)
Date: Wed Nov 28 2001 - 12:49:31 PST


    -----Original Message-----
    From: NIPC Watch [mailto:nipc.watch@private] 
    Sent: Wednesday, November 28, 2001 12:34 PM
    To: daily
    Subject: NIPC Advisory 01-027
    
    
    National Infrastructure Protection Center
    "Significant Vulnerability Identified In Common Linux File Transport
    Protocol Program Identified"
    Advisory 01-027
    28 November 2001
    
    Summary:
    
    The National Infrastructure Protection Center (NIPC) has learned about a
    vulnerability in versions of the Washington University File Transport
    Protocol Daemon (WU-FTPD) that could lead to an attacker gaining
    surreptitious access to sensitive information.  For those systems using
    the WU-FTPD service for which a patch is not yet available, it is
    suggested that you either disable FTP by blocking TCP port 21 or, in
    those instances where this is not an option, disable anonymous logon.
    
    Problem:
    
    The original problem was discovered by Bindview more than 6 months ago,
    but not believed to be exploitable at that time.  Since that time, Core
    Security Technologies has proven that the vulnerability is exploitable.
    Additionally, it is believed that an exploit, leveraging this
    vulnerability for Linux systems, is already circulating in the hacker
    community.
    
    In order for an attacker to be able to exploit this vulnerability, the
    WU-FTPD service must either allow anonymous access or the attacker must
    gain valid credentials to use the service.  Anonymous access is often
    enabled by default on some systems.
    
    Additional technical information, including a list of affected versions,
    can be found at the following website:
    
    http://aris.securityfocus.com/alerts/wuftpd/
    
    Mitigation:
    
    The WU-FTPD development team has been notified of the problem and is
    working on a patch to correct the problem.  Until a patch is released,
    users can mitigate the potential impact of this by disabling FTP, which
    normally runs on TCP port 21.  Also, it is suggested, for those sites
    that require FTP to be enabled, that they restrict anonymous access,
    which is basically a guest account that is often available without any
    additional authentication.
    
    Recipients of this advisory are encouraged to report computer intrusions
    to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the
    NIPC, and to the other appropriate authorities. Incidents may be
    reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC Watch
    and Warning Unit can be reached at (202) 323-3204/3205/3206 or
    nipc.watch@private
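
A static check for the anonymous-access mitigation the advisory describes, added here as an example; it is not part of the NIPC advisory or of WU-FTPD. It assumes the conventional WU-FTPD layout (`class` lines in `ftpaccess`, a deny list in `ftpusers`, an `ftp` account in `passwd`), and the sample file contents are constructed.

```python
"""Audit WU-FTPD-style configuration text for anonymous FTP exposure."""


def anonymous_classes(ftpaccess_text):
    """Return names of ftpaccess classes whose typelist includes 'anonymous'."""
    names = []
    for raw in ftpaccess_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        # Assumed syntax: class <name> <typelist> <addrglob> [<addrglob> ...]
        if len(fields) >= 4 and fields[0] == "class":
            if "anonymous" in fields[2].lower().split(","):
                names.append(fields[1])
    return names


def listed_users(text):
    """User names from a passwd- or ftpusers-style file (first ':' field)."""
    users = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            users.add(line.split(":", 1)[0])
    return users


def anonymous_enabled(ftpaccess_text, ftpusers_text, passwd_text):
    """True when none of the three files blocks anonymous login."""
    if "ftp" not in listed_users(passwd_text):
        return False  # no 'ftp' account, so no anonymous area to log in to
    if listed_users(ftpusers_text) & {"ftp", "anonymous"}:
        return False  # anonymous login explicitly denied in ftpusers
    return bool(anonymous_classes(ftpaccess_text))


# Constructed sample inputs (not taken from any real host).
SAMPLE_FTPACCESS = """\
# constructed example
class   all    real,guest,anonymous  *
class   staff  real                  10.0.0.*
"""
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/sh\nftp:x:14:50:FTP User:/var/ftp:/bin/false\n"
SAMPLE_FTPUSERS_OPEN = "root\nbin\n"
SAMPLE_FTPUSERS_DENY = "root\nbin\nftp\nanonymous\n"

if __name__ == "__main__":
    for label, ftpusers in (("before", SAMPLE_FTPUSERS_OPEN), ("after", SAMPLE_FTPUSERS_DENY)):
        state = anonymous_enabled(SAMPLE_FTPACCESS, ftpusers, SAMPLE_PASSWD)
        print(f"{label}: anonymous FTP {'ENABLED' if state else 'disabled'}")
```

The check reads configuration only; it does not confirm what a running daemon accepts, so a host that still needs FTP should also be tested from the network side.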
    