Preemptive Protection against GlobalSCAPE Secure FTP Server Remote Denial of Service
| Check Point Reference: | CPAI-2006-048 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | OSVDB ID: 24451 | |
| Industry Reference(s): | CVE-2006-1693 | |
| Protection Provided by: |
VPN-1
|
|
| Who is Vulnerable? GlobalSCAPE Secure FTP Server prior to 3.1.4 | ||
| Vulnerability Description GlobalSCAPE Secure FTP Server is an FTP server application for Microsoft Windows. The application is susceptible to a remote denial of service vulnerability. The issue is triggered when an unspecified custom command with a lengthy parameter line is passed to the server, causing the server to crash. |
||
|
Update/Patch Available Update to version 3.1.4 Build 01.10.2006. http://globalscape.com/downloads/gsftps.asp |
|
|
Vulnerability Details The vulnerability is caused due to an unspecified error in the processing of custom commands. The service and can be crashed using an overly long parameter. |
Protection Overview
By enabling this protection, SmartDefense will block the vulnerability based on several considerations: FTP patterns (e.g. suspicious login attempt patterns), overly long FTP commands and inspection of the Malicious Code Protector (MCP).
To configure the defense, select your product from the list below and follow the related protection steps.
VPN-1 NGX R61
How Can I Protect My Network?
1. Click Application Intelligence > FTP > FTP Patterns; The FTP Patterns window opens. The protection's options are enabled by default (as seen below): 
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: FTP Command Buffer Overflow Attempt
VPN-1 NGX R60
How Can I Protect My Network?
1. Click Application Intelligence > FTP > FTP Patterns; The FTP Patterns window opens. The protection's options are enabled by default (as seen below):
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: FTP Command Buffer Overflow Attempt
InterSpect NGX
How Can I Protect My Network?
1. Click Application Intelligence > FTP > FTP Patterns; The FTP Patterns window opens. The protection's options are enabled by default (as seen below):
2. Install security policy on all modules.
How Do I Know if My Network is Under Attack?
SmartView Tracker will log one of the following entries:
Attack Name: FTP Patterns Protection Violation
Attack Information: FTP Command Buffer Overflow Attempt