CRIME FW: NIPC Advisory 01-027

From: George Heuston (georgeh@private)
Date: Wed Nov 28 2001 - 12:49:31 PST

Next message: Alok Aggarwal: "RE: CRIME [TOOL] PDD, Forensic Analysis for the PalmOS"

Previous message: Alan: "Re: Crispin on Badtrans.B, was: REMOVE FROM CRIME LIST"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----Original Message-----
From: NIPC Watch [mailto:nipc.watch@private] 
Sent: Wednesday, November 28, 2001 12:34 PM
To: daily
Subject: NIPC Advisory 01-027

                                        National Infrastructure
Protection Center
"Significant Vulnerability Identified In Common Linux File Transport
Protocol Program Identified"
                                                        Advisory 01-027
                                                        28 November 2001

Summary:

The National Infrastructure Protection Center (NIPC) has learned about a
vulnerability in versions of the Washington University File Transport
Protocol Daemon (WU-FTPD) that could lead to an attacker gaining
surreptitious access to sensitive information.  For those systems using
the WU-FTPD service for which a patch is not yet available, it is
suggested that you either disable FTP by blocking TCP port 21 or, in
those instances where this is not an option, disable anonymous logon.

Problem:

The original problem was discovered by Bindview more than 6 months ago,
but not believed to be exploitable at that time.  Since that time, Core
Security Technologies has proven that the vulnerability is exploitable.
Additionally, it is believed that an exploit, leveraging this
vulnerability for Linux systems, is already circulating in the hacker
community.

In order for an attacker to be able to exploit this vulnerability, the
WU-FTPD service must either allow anonymous access or the attacker must
gain valid credentials to use the service.  Anonymous access is often
enabled by default on some systems.

Additional technical information, including a list of affected versions
can be found at the following website:

http://aris.securityfocus.com/alerts/wuftpd/

Mitigation:

The WU-FTPD development team has been notified of the problem and is
working on a patch to correct the problem.   Until a patch is released,
users can mitigate the potential impact of this by disabling FTP, which
normally runs on TCP port 21.  Also, it is suggested, for those sites
that require FTP to be enabled, that they restrict anonymous access,
which is basically a guest account that is often available without any
additional authentication.

Recipients of this advisory are encouraged to report computer intrusions
to their local FBI office (http://www.fbi.gov/contact/fo/fo.htm) or the
NIPC, and to the other appropriate authorities. Incidents may be
reported online at http://www.nipc.gov/incident/cirr.htm. The NIPC Watch
and Warning Unit can be reached at (202) 323-3204/3205/3206 or
nipc.watch@private

Next message: Alok Aggarwal: "RE: CRIME [TOOL] PDD, Forensic Analysis for the PalmOS"
Previous message: Alan: "Re: Crispin on Badtrans.B, was: REMOVE FROM CRIME LIST"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun May 26 2002 - 11:35:33 PDT