Opened 3 years ago

Closed 3 years ago

#10793 closed Bug report (rejected)

FTP server is vulnerable to an FTP server bounce attack

Reported by: JuergenHamel
Owned by:
Priority: normal
Component: FileZilla Server
Keywords: Port Bounce Scan
Cc:
Component version: 0.9.56 beta
Operating system type: Windows
Operating system version: Windows Server 2012

Description

The FTP server accepts the PORT command and produces the following output "200 Port command successful"
although the server does not execute the command.
Command output should not be produced in that case.

This is a Nessus finding.

Nessus description:
Port: ftp (21/tcp)
Issue name: FTP Privileged Port Bounce Scan

Synopsis:
The remote FTP server is vulnerable to an FTP server bounce attack.

Description:
It is possible to force the remote FTP server to connect to third
parties using the PORT command.
The problem allows intruders to use your network resources to scan
other hosts, making them think the attack comes from your network.

Solution:
See the CERT advisory in the references for solutions and workarounds.

Plugin Output:
The following command, telling the server to connect to 169.254.176.115 on port 10794:
PORT 169,254,176,115,42,42
produced the following output:
200 Port command successful

Nessus Plugin ID: 10081
VulnDB ID: 215

Change History (1)

comment:1 Changed 3 years ago by Tim Kosse

Resolution: rejected
Status: new → closed

I get this:

PORT 169,254,176,115,42,42
421 Rejected command, requested IP address does not match control connection IP.

Have you manually decreased the protection level on the security settings page of FileZilla Server?
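The check the reply above describes (the address in a PORT command must match the client's control-connection address, otherwise the server answers 421 and opens no data connection) is what defeats a bounce scan. The following is an added illustration of that check, not FileZilla Server's own code: it parses the `h1,h2,h3,h4,p1,p2` argument, rejects malformed input, and refuses third-party or privileged-port targets. The function names, the `allow_mismatch` switch (standing in for a lowered "protection level") and the control-connection address `203.0.113.5` are this example's own assumptions; the PORT argument and the reply strings are taken from the ticket, and the privileged-port refusal follows the recommendation in RFC 2577.

```python
"""Added example: validating an FTP PORT command against the control
connection's peer address. Not FileZilla Server's code; names and the
allow_mismatch switch are this example's own assumptions."""

import ipaddress

MSG_OK = "200 Port command successful"
MSG_IP_MISMATCH = ("421 Rejected command, requested IP address does not "
                   "match control connection IP.")
# Assumed wording for the RFC 2577 privileged-port rule (not from the ticket).
MSG_PRIV_PORT = "421 Rejected command, requested port is a privileged port."


def parse_port_argument(arg: str):
    """Parse 'h1,h2,h3,h4,p1,p2' into (ip_string, port).

    Raises ValueError on malformed input so the caller can answer with a
    syntax error instead of acting on garbage.
    """
    fields = arg.strip().split(",")
    if len(fields) != 6:
        raise ValueError("PORT argument must have exactly six fields")
    try:
        values = [int(f) for f in fields]
    except ValueError:
        raise ValueError("PORT fields must be decimal integers") from None
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("PORT fields must be in the range 0..255")
    host = ".".join(str(v) for v in values[:4])
    port = values[4] * 256 + values[5]        # e.g. 42*256 + 42 = 10794
    return host, port


def handle_port_command(arg: str, control_peer_ip: str,
                        allow_mismatch: bool = False) -> str:
    """Return the reply line the server should send for a PORT command.

    control_peer_ip is the client's address on the control connection.
    allow_mismatch=True mirrors a lowered protection level and accepts any
    target address; the default refuses third-party targets, which is what
    stops the server being used to scan other hosts.
    """
    try:
        host, port = parse_port_argument(arg)
    except ValueError as exc:
        return f"501 Syntax error in parameters: {exc}"

    requested = ipaddress.ip_address(host)
    peer = ipaddress.ip_address(control_peer_ip)
    if not allow_mismatch and requested != peer:
        # The data connection would go to a third party: refuse it.
        return MSG_IP_MISMATCH
    if port < 1024:
        # A client's data listener never needs a system port (RFC 2577).
        return MSG_PRIV_PORT
    return MSG_OK


if __name__ == "__main__":
    # Constructed session: the scanner's PORT line from the ticket, arriving
    # on a control connection from an assumed unrelated address.
    scanner_port_line = "169,254,176,115,42,42"
    print(handle_port_command(scanner_port_line, "203.0.113.5"))
    print(handle_port_command(scanner_port_line, "169.254.176.115"))
    print(handle_port_command(scanner_port_line, "203.0.113.5",
                              allow_mismatch=True))
```

With the default setting the scanner's line gets the 421 reply shown in the comment above; only when the mismatch is explicitly allowed does the server answer `200 Port command successful`, which is the behaviour the Nessus finding reports.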
