Preemptive Protection against Freefloat FTP Server Buffer Overflow

Vulnerability
Protection

Check Point Reference:	CPAI-2010-168
Date Published:
Preemptive Since:
Severity:
Source:	exploit-db 15689
Protection Provided by:	IPS-1 IPS-1 IPS-1 NGX R65
Who is Vulnerable? Windows XP SP3 (other versions may also be affected)
Vulnerability Description A 0-day exploit has been reported in Freefloat FTP Server, a freeware FTP server for all Windows oeprating systems.

Vulnerability Details
The exploit can be found here.

Protection Overview
The protection will detect and block FTP USER commands with overly long arguments.

To configure the defense, select your product from the list below and follow the related protection steps.

IPS-1 & IPS-1 NGX R65

How Can I Protect My Network?

1. In the IPS-1 Policy Manager, click on the Protection tab.
2. In the Protection tree, click Application Intelligence > FTP, and select the FTP Command Attacks protection group.
3. Click Long FTP username (IPS-1 NGX R65 only)
4. In the configuration pane, under Settings, check Active.
5. Click on Install Policy.

How Do I Know if My Network is Under Attack?
Upon attack, the following entries will be logged:

Alert Name: FTP Commands
Description: Long FTP username

Legal Notice for Threat Center Advisories