Vulnerability Development mailing list archives
Re: ws_ftp pro 6.51 exposes internal IP addresses
From: Adam Prato <sirsyko () MERGIOO ISHIBOO COM>
Date: Tue, 1 Aug 2000 11:15:53 -0400
On Mon, Jul 31, 2000 at 09:07:13AM -0400, Crawling KingSnake wrote:
> ws_ftp pro 6.51 exposes internal IP addresses when connecting using PASV mode and the target site is using ipfilter. This was tested on a network using OpenBSD 2.7 as the firewall/gateway with several internally addressed machines running different server applications. Here is a log:
>
> [...]
> PASV
> 227 Entering Passive Mode (192,168,1,5,6,184).
> connecting to 192.168.1.5:1720
>
> I have cleansed the log to protect the network. But as you can see the first attempt fails and somehow the internal address is exposed to ws_ftp and then to the user. The second login attempt happens automatically, immediately after the first login failure. A malicious person could use this information to specifically target the internal machines if/when a breach of the gateway box occurs. Vendor was notified but no response.
What is the vendor supposed to do? This is an administration issue. If you are protecting your network via a firewall, and you intend to hide all aspects of your network hierarchy, then you'll want to disable passive ftp. Unless ws_ftpd is not capable of disabling passive ftp, this doesn't sound like a vendor issue. <ss>
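As an added illustration, not code from either poster, here is a check an administrator could run over FTP control-channel logs to spot the leak the report describes: it parses the RFC 959 `227` reply, recovers the data port as p1*256+p2 (6*256+184 = 1720 in the quoted log), and flags a reply whose advertised host is a private address that differs from the gateway address the client actually connected to. The gateway address 203.0.113.10 is a constructed placeholder.

```python
import ipaddress
import re

# Six comma-separated numbers inside the parentheses of an FTP 227 reply:
#   "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)."
PASV_RE = re.compile(
    r"^227\b.*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply):
    """Return (host, port) advertised by a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(octet > 255 for octet in (h1, h2, h3, h4, p1, p2)):
        return None  # malformed octet, treat as not parseable
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def audit_pasv(reply, control_peer):
    """Classify a 227 reply against the address the control connection reached.

    'private'  - advertised host is non-routable (RFC 1918 and similar)
    'mismatch' - advertised host differs from the address the client connected to
    'leak'     - both at once: the server handed out an internal address
    """
    parsed = parse_pasv(reply)
    if parsed is None:
        return None
    host, port = parsed
    addr = ipaddress.ip_address(host)
    return {
        "host": host,
        "port": port,
        "private": addr.is_private,
        "mismatch": host != control_peer,
        "leak": addr.is_private and host != control_peer,
    }


# Constructed sample: the 227 line from the quoted log, as received by a client
# that reached the server through a public gateway address (placeholder).
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,5,6,184)."
GATEWAY_ADDR = "203.0.113.10"

if __name__ == "__main__":
    print(audit_pasv(SAMPLE_REPLY, GATEWAY_ADDR))
```

A reply that advertises the gateway's own public address is not flagged, so the check only fires when the firewall has passed the internal address through unrewritten.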