Security Best Practice: Suspicious Characters in FTP User Name
| Check Point Reference: | SBP-2010-24 |
| Date Published: | |
| Severity: | |
| Source: | Check Point Vulnerability Discovery Team |
| Industry Reference(s): | CVE-2010-0542 |
| Protection Provided by: | Security Gateway |
| Who is Vulnerable? | FTP Servers |
| Vulnerability Description | File Transfer Protocol (FTP) is a popular protocol. An FTP server may ask connecting users for their usernames and passwords. While the official FTP specification allows any character in a user name, certain FTP servers fail to properly parse FTP usernames that contain special characters, most notably percent signs and quotes. Since quotes and percent signs in real user names are extremely rare, it is a good idea to block such characters. |
Vulnerability Details
A remote command injection vulnerability has been discovered in Synology Disk Station. The Synology Disk Station is a storage product designed for small offices and home users, supporting several terabytes of total storage. The vulnerability is due to insufficient validation by the Disk Station web interface when handling a malformed login command. Remote attackers could exploit this vulnerability by sending a specially crafted login command to a vulnerable system. Successful exploitation would allow the attacker to execute arbitrary commands on the affected system.
Protection Overview
This protection will detect and block suspicious characters in usernames for FTP login requests.
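The following is an added example, not Check Point's signature or the product's own code: a small inspector that parses FTP control-channel commands and reports USER commands whose argument contains the characters this protection targets. The character set, the command parser and the sample session are assumptions constructed for this example.

```python
import re
from typing import Optional

# Characters the advisory singles out: percent signs and quotes (double and single).
# Assumption: the exact set in the Check Point signature is not published; this is
# a representative set chosen for the example.
SUSPICIOUS_CHARS = frozenset('%"\'')

# RFC 959 command lines are "<VERB> [<argument>]" terminated by CRLF.
_CMD_RE = re.compile(r"^(?P<verb>[A-Za-z]{3,4})(?:[ ](?P<arg>.*))?$")

def parse_ftp_command(line: bytes) -> Optional[tuple[str, str]]:
    """Split one FTP control-channel line into (VERB, argument). Returns None for
    lines that are not well-formed commands (e.g. server replies such as '331 ...')."""
    text = line.rstrip(b"\r\n").decode("ascii", errors="replace")
    m = _CMD_RE.match(text)
    if not m:
        return None
    return m.group("verb").upper(), m.group("arg") or ""

def suspicious_user_chars(line: bytes) -> set[str]:
    """Return the suspicious characters found in a USER command's argument; an empty
    set means the line is not a USER command or its username is clean."""
    parsed = parse_ftp_command(line)
    if parsed is None or parsed[0] != "USER":
        return set()
    return {c for c in parsed[1] if c in SUSPICIOUS_CHARS}

def scan_session(lines: list[bytes]) -> list[tuple[int, str, set[str]]]:
    """Scan a captured client-to-server control stream and report (line_no, username,
    chars) for every USER command that this protection would block."""
    hits = []
    for n, line in enumerate(lines, 1):
        chars = suspicious_user_chars(line)
        if chars:
            hits.append((n, parse_ftp_command(line)[1], chars))
    return hits

# Constructed sample client-side control stream, not a real capture.
SAMPLE_SESSION = [
    b"USER alice\r\n",
    b"PASS secret\r\n",
    b"user bob%20smith\r\n",      # lowercase verb, percent sign in username
    b'USER "quoted"\r\n',         # double quotes
    b"USER o'neil\r\n",           # apostrophe: legitimate but rare, blocked by policy
    b"QUIT\r\n",
]

if __name__ == "__main__":
    for line_no, user, chars in scan_session(SAMPLE_SESSION):
        print(f"line {line_no}: block USER {user!r}, suspicious chars {sorted(chars)}")
```

Only the USER verb is inspected, so the same characters in a PASS argument are not flagged; the apostrophe case shows the false-positive cost the advisory accepts.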
For the protection to be activated, apply the latest IPS/SmartDefense update to your Security Gateway/VPN-1 product. For information on how to update IPS/SmartDefense, go to SBP-2006-05, open the Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.