HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: FTP Vulnerability
Operating System - HP-UX
1829737
Members
1959
Online
109992
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2003 09:57 AM
05-13-2003 09:57 AM
FTP Vulnerability
Hello. A recent security scan came up with the following on one of our HP/UX 11.11 servers.
The FTP protocol uses a main connection, called a control connection.
Data connections may be opened in two ways:
1. active data connection
The client, before a data transfer starts, sends a PORT command on the control
connection.
2. passive data connection
The client, before a data transfer starts, sends a PASV command to the server. The server answers with the IP address and TCP port it will listen to. The client then opens this data connection to the given endpoint on the FTP
server.
In PASV mode, both control and data connections are initiated by the client, which makes this mode easier to set up across firewalls.
Some FTP servers unfortunately open ports in sequential order. The issue is that an intruder could intercept the answer to the PASV command and open the data connection before the legitimate client can do it. The intruder can then steal information (if the intended FTP command is a 'retrieve') or tamper with data on the server (if the intended FTP command is a 'store').
Please note that this TC can fail if other PASV commands are issued at the time of the test ( in this case, the port numbers returned by the server will not be sequential anymore ).
Does anyone know is there a patch for the HP ftp daemon to resolve this or do I need to look at replacing the HP ftpd with wu_ftpd or another ftp program?
TIA,
Sean
The FTP protocol uses a main connection, called a control connection.
Data connections may be opened in two ways:
1. active data connection
The client, before a data transfer starts, sends a PORT command on the control
connection.
2. passive data connection
The client, before a data transfer starts, sends a PASV command to the server. The server answers with the IP address and TCP port it will listen to. The client then opens this data connection to the given endpoint on the FTP
server.
In PASV mode, both control and data connections are initiated by the client, which makes this mode easier to set up across firewalls.
Some FTP servers unfortunately open ports in sequential order. The issue is that an intruder could intercept the answer to the PASV command and open the data connection before the legitimate client can do it. The intruder can then steal information (if the intended FTP command is a 'retrieve') or tamper with data on the server (if the intended FTP command is a 'store').
Please note that this TC can fail if other PASV commands are issued at the time of the test ( in this case, the port numbers returned by the server will not be sequential anymore ).
Does anyone know is there a patch for the HP ftp daemon to resolve this or do I need to look at replacing the HP ftpd with wu_ftpd or another ftp program?
TIA,
Sean
5 REPLIES 5
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2003 10:28 AM
05-13-2003 10:28 AM
Re: FTP Vulnerability
This is the only patch I found.
http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_27765&context=hpux:800:11:11
I'm not sure it deals with this issue or not.
I recall reading forum posts that say wu-ftpd is just as good as the other possible candidates.
ftpd's real problem is that password exchange is in clear text which creates intercept possibilitiies. To avoid that you have to switch to secure shell.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA
SEP
http://www2.itrc.hp.com/service/patch/patchDetail.do?patchid=PHNE_27765&context=hpux:800:11:11
I'm not sure it deals with this issue or not.
I recall reading forum posts that say wu-ftpd is just as good as the other possible candidates.
ftpd's real problem is that password exchange is in clear text which creates intercept possibilitiies. To avoid that you have to switch to secure shell.
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=T1471AA
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2003 11:39 AM
05-13-2003 11:39 AM
Re: FTP Vulnerability
Steven,
That was the only patch I found as well, and it's already installed on the machines.
I'd really rather not have to replace FTP on their servers, as that is just another app that we'll have to track and patch separately.
Unfortunately only using SSh isn't an option on these servers because their primary appliation only supports telnet.
That was the only patch I found as well, and it's already installed on the machines.
I'd really rather not have to replace FTP on their servers, as that is just another app that we'll have to track and patch separately.
Unfortunately only using SSh isn't an option on these servers because their primary appliation only supports telnet.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2003 11:51 AM
05-13-2003 11:51 AM
Re: FTP Vulnerability
I'm probably confused(usually am), but you can run secure shell and ftpd and telnetd simultaneously.
Just because your primary application requires telnet doesn't mean you can't replace ftpd with sftp running from the sshd daemon.
I'm probably missing a lot, and you know the integration issues better than me.
SEP
Just because your primary application requires telnet doesn't mean you can't replace ftpd with sftp running from the sshd daemon.
I'm probably missing a lot, and you know the integration issues better than me.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2003 12:00 PM
05-13-2003 12:00 PM
Re: FTP Vulnerability
This isn't an exact answer to your question, but you can limit ftp to use only designated hosts. Create the /var/adm/inetd.sec file, and give it an entry like:
ftp allow 192.168.1.100
This means that ONLY the host at that address can use ftp. Its not perfect, but it works pretty well. You can use *'s as wildcards to get a whole range of addresses. Then if you DO get hacked, you at least know where to start looking for the culprit!
Chris
ftp allow 192.168.1.100
This means that ONLY the host at that address can use ftp. Its not perfect, but it works pretty well. You can use *'s as wildcards to get a whole range of addresses. Then if you DO get hacked, you at least know where to start looking for the culprit!
Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2003 06:59 PM
05-13-2003 06:59 PM
Re: FTP Vulnerability
ftp on 11.11 is WU-FTPD so you've got the code already. 11.0 (with recent patches) also has WU-FTPD. The random sequence number issue came up a couple of years ago and I believe there was a patch to resolve it although there were caveats for compatibility issues (primarily for firewalls and proxy servers). As mentioned, changing from ftp to sftp is the preferred solution although it may not be available for other platforms.
Bill Hassell, sysadmin
Bill Hassell, sysadmin
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP