Check Point Advisories

Preemptive Protection against Freefloat FTP Server Invalid Command Buffer Overflow

Check Point Reference: CPAI-2011-128
Date Published: 5 Jan 2012
Severity: High
Last Updated: Monday 25 November, 2024
Source:
Protection Provided by:

IPS-1
IPS-1

  • IPS-1 NGX R65

    		•
    Who is Vulnerable? Freefloat FTP Servers
    Vulnerability Description A buffer overflow vulnerability has been reported in Freefloat FTP Server.
    Vulnerability DetailsThe vulnerability is due to insufficient validation while handling overly long FTP requests sent to the server. A remote attacker may exploit this vulnerability by sending a specially crafted command to an affected FreeFloat FTP server. Successful exploitation could allow an attacker to execute arbitrary code on the target server.

    Protection Overview

    The protection will block FTP server replies which contain overly long strings.

    IPS-1 NGX R65 & IPS-1

    1. In the IPS-1 Policy Manager, click on the Protection tab.
    2. In the Protection tree, click Application Intelligence > FTP, and select the FTP Compliance protection group.
    3. Click Microsoft Internet Explorer FTP Response Parsing Memory Corruption.
    4. In the configuration pane, under Settings, check Active.
    5. Click on Install Policy.

    Upon attack, the following entries will be logged:

    Alert Name: FTP Compliance
    Description: Microsoft Internet Explorer FTP Response Parsing Memory Corruption

    ×
      Feedback
    This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
    OK