Symantec Raptor / Enterprise Firewall for Solaris Vulnerable to FTP Bounce Attack
Published: 2002-04-19
Updated: 2002-04-19
Severity: Medium
Threat level: Covert attack
Error type: Design error
Exploitation: Server mode
BUGTRAQ ID:4522
Affected systems:
Symantec Enterprise Firewall 7.0 Solaris
- Sun Solaris 2.6
- Sun Solaris 7.0
Symantec Enterprise Firewall 7.0 NT/2000
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Terminal Server 4.0 alpha
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP6a
- Microsoft Windows NT Workstation 4.0
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP6a
Symantec Raptor Firewall 6.5.3 Solaris
- Sun Solaris 2.6
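- Sun Solaris 7.0
Description:
Raptor Firewall is an enterprise-grade firewall.
Raptor Firewall is vulnerable to an FTP bounce attack: after connecting to an FTP server and authenticating, an attacker can cause the FTP server to open connections to arbitrary hosts.
Test code: None available
Solution:
Add the following options to control the use of FTP PORT: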
ftpd.suppress_address_mismatch_warning
ftpd.allow_address_mismatch
Patch download:
Symantec Raptor Firewall 6.5.3 Solaris:
Symantec Hotfix ftpd-653-3des.tar
ftp://ftp.symantec.com/public/updates/ftpd-653-3des.tar
Domestic version
Symantec Hotfix ftpd-653-des.tar
ftp://ftp.symantec.com/public/updates/ftpd-653-des.tar
International version
Symantec Enterprise Firewall 7.0 Solaris:
Symantec Hotfix ftpd-70s-3des.tar
ftp://ftp.symantec.com/public/updates/ftpd-70s-3des.tar
Domestic version.
Symantec Hotfix ftpd-70s-des.tar
ftp://ftp.symantec.com/public/updates/ftpd-70s-des.tar
International version.
Symantec Enterprise Firewall 7.0 NT/2000:
Related information: Roy Hills <Roy.Hills@nta-monitor.com>.
Reference: http://online.securityfocus.com/archive/1/267784
Related homepage: http://www.symantec.com/techsupp/enterprise/products/raptor_firewall/files.html