FTP server is vulnerable to an FTP server bounce attack
|Reported by:||JuergenHamel||Owned by:|
|Keywords:||Port Bounce Scan||Cc:|
|Component version:||0.9.56 beta||Operating system type:||Windows|
|Operating system version:||Windows Server 2012|
The FTP server accepts the PORT command and produces the following output "200 Port command successful"
although the server does not execute the command.
Command output should not be produced in that case.
This is a Nessus finding.
Port: ftp (21/tcp)
Issue name: FTP Privileged Port Bounce Scan
The remote FTP server is vulnerable to a FTP server bounce attack.
It is possible to force the remote FTP server to connect to third
parties using the PORT command.
The problem allows intruders to use your network resources to scan
other hosts, making them think the attack comes from your network.
See the CERT advisory in the references for solutions and workarounds.
The following command, telling the server to connect to 169.254.176.115 on port 10794:
produced the following output:
200 Port command successful
Nessus Plugin ID: 10081
VulnDB ID: 215