Vulnerability Development mailing list archives
Re: ws_ftp pro 6.51 exposes internal IP addresses
From: Adam Prato <sirsyko () MERGIOO ISHIBOO COM>
Date: Wed, 2 Aug 2000 17:38:10 -0400
On Tue, Aug 01, 2000 at 12:07:07PM -0400, Crawling KingSnake wrote:
> How so is this an administrative issue? ws_ftp is the only one that does this. Other clients connect successfully using PASV mode. Maybe you should reread the statement and not be so quick to jump on the "administrator at fault" excuse. The server does not have the bounce attack enabled but the client must use PASV to connect because of the firewall. Those are two different issues. Please try to understand the situation before responding since these responses prove wasteful.

a) my comments weren't directed as an attack. I just failed to see the "vulnerability" in this issue.

b) how does ws_ftp pro 6.51 behave any differently than any other client when connecting to a remote server? If you have a server behind a firewall, and you intend to allow ftp connections to said server, *and* you intend to protect the topology about the network behind said firewall, you will need to disable passive ftp. Regardless of the operating system or the ftp daemon that the operating system runs, you'll need to disallow passive ftp in order to keep the topology information secret. The passive (PASV) command will always return this information. Try setting up other ftp daemons on other ports redirected by the IPFilter firewall. For example, if you use the passive command against Solaris ftpd, you will see information about the Solaris machine's internal IP address. I fail to see how ws_ftp is any more capable of compromising the security of a remote environment since all ftp clients will behave this way. The information given to the ws_ftp client is the same information that any server will give to any client.

c) since this is a "development" list, I didn't see my comments as wasteful. I merely posed a conjecture that I wanted to be refuted, if possible. If this is truly a vulnerability, please explain why it is a vulnerability, rather than attacking the usefulness of my posts.

<ss>

> > On Mon, Jul 31, 2000 at 09:07:13AM -0400, Crawling KingSnake wrote:
> > > ws_ftp pro 6.51 exposes internal IP addresses when connecting using PASV
> > > <snip>
> > > Vendor was notified but no response.
> >
> > what is the vendor supposed to do? This is an administration issue. If you are protecting your network via a firewall, and you intend to hide all aspects of your network hierarchy, then you'll want to disable passive ftp. Unless ws_ftpd is not capable of disabling passive ftp, this doesn't sound like a vendor issue.
> >
> > <ss>
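
The PASV behaviour discussed in this message, as an added example that is not part of the original post: a Python check an administrator could run over captured `227` replies (RFC 959 format) from their own server, flagging an advertised RFC 1918 address that differs from the address the control connection was made to. The function names, result labels and sample replies are constructed for illustration.

```python
import ipaddress
import re

# RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    return any(addr in net for net in _RFC1918)

def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply, or None."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    host = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return host, fields[4] * 256 + fields[5]

def audit_pasv(reply, control_peer):
    """Compare the advertised data address with the control-connection peer."""
    parsed = parse_pasv(reply)
    if parsed is None:
        return "malformed"
    host, _port = parsed
    peer = ipaddress.IPv4Address(control_peer)
    if host == peer:
        return "ok"
    if is_rfc1918(host) and not is_rfc1918(peer):
        return "internal-address-disclosed"
    return "address-mismatch"

# Constructed sample replies; 203.0.113.10 stands in for the firewall's
# public address that the client connected to (assumption).
SAMPLES = [
    "227 Entering Passive Mode (192,168,1,20,19,137)",
    "227 Entering Passive Mode (203,0,113,10,19,137)",
    "230 User logged in.",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(audit_pasv(line, "203.0.113.10"), "<-", line)
```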