BlueArc Titan FTP Bounce Vulnerability
BID:23540
Info
BlueArc Titan FTP Bounce Vulnerability
| Bugtraq ID: | 23540 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 17 2007 12:00AM |
| Updated: | Apr 18 2007 03:51PM |
| Credit: | Tim Rupp is credited with discovering this vulnerability. |
| Vulnerable: |
BlueArc Titan 4.2.944b BlueArc Titan 2500 BlueArc Titan 2200 BlueArc Titan 2100 |
| Not Vulnerable: |
BlueArc Titan 4.3 |
Discussion
BlueArc Titan FTP Bounce Vulnerability
BlueArc Titan is affected by an FTP-bounce issue that can allow remote attackers to connect between the FTP server and an arbitrary port on another computer.
Successful exploits may allow an attacker to make connections to arbitrary hosts and generate traffic with the identity of the vulnerable FTP server.
This issue affects firmware 4.2.944b; prior versions may also be affected.
BlueArc Titan is affected by an FTP-bounce issue that can allow remote attackers to connect between the FTP server and an arbitrary port on another computer.
Successful exploits may allow an attacker to make connections to arbitrary hosts and generate traffic with the identity of the vulnerable FTP server.
This issue affects firmware 4.2.944b; prior versions may also be affected.
Exploit / POC
BlueArc Titan FTP Bounce Vulnerability
An attacker uses standard network tools to exploit this issue.
An attacker uses standard network tools to exploit this issue.
Solution / Fix
BlueArc Titan FTP Bounce Vulnerability
Solution:
Reports indicate that this issue may have been addressed in version 4.3. Symantec has not confirmed this.
Solution:
Reports indicate that this issue may have been addressed in version 4.3. Symantec has not confirmed this.
References
BlueArc Titan FTP Bounce Vulnerability
References:
References: