Note: This is an archival copy of Security Sun Alert 200166 as previously published on http://sunsolve.sun.com.
Latest version of this security advisory is available from http://support.oracle.com as Sun Alert 1000121.1.
Article ID : 1000121.1
Article Type : Sun Alerts (SURE)
Last reviewed : 2003-03-13
Audience : PUBLIC
Copyright Notice: Copyright © 2010, Oracle Corporation and/or its affiliates.

Solaris FTP Server (in.ftpd(1M)) is Vulnerable to Denial of Service Attack

Category
Security

Release Phase
Resolved

Product
Solaris 9 Operating System
Solaris 2.6 Operating System
Solaris 7 Operating System
Solaris 8 Operating System

Bug Id
4714534

Date of Workaround Release
27-JAN-2003

Date of Resolved Release
14-MAR-2003

Impact

A local or remote unprivileged user may be able to disrupt FTP services on Solaris systems which act as FTP servers using the Sun supplied version of in.ftpd(1M).


Contributing Factors

This issue can occur in the following releases:

SPARC Platform

  • Solaris 2.6 without patch 106301-05
  • Solaris 7 without patch 110646-04
  • Solaris 8 without patch 111606-03
  • Solaris 9 without patch 114564-01

x86 Platform

  • Solaris 2.6 without patch 106302-05
  • Solaris 7 without patch 110647-04
  • Solaris 8 without patch 111607-03
  • Solaris 9 without patch 114565-01

Note: Solaris 2.5.1 will not be evaluated for potential impact for the described issue contained in this Sun Alert document.


Symptoms

Every command issued by the FTP client causing the denial of service will hang for a period, (default 60 seconds) and the vunerable FTP server to which that session is connected, will cease to respond to commands from other active mode FTP client's for a duration corresponding to the duration of that hang. During that time, all such commands from other active mode FTP client's will hang and may time out.


Workaround

Use passive FTP mode during denial of service conditions. Note that most FTP clients default to active mode. To enable passive mode, the ftp(1) command 'passive' needs to be entered before opening an ftp connection or the '-p' option can be supplied. For example: 

	$ ftp
	ftp> passive
	Passive mode on.
	ftp> open remotehost
or
	$ ftp -p remotehost

SSites using Solaris 9 can configure their FTP servers to only allow access from specified hosts by editing the ftpaccess(4) file. Sites using Solaris 2.6, 7 and 8 can limit access to the in.ftpd(1M) daemon using the freeware package tcp-wrappers which are available from: 

	http://www.sun.com/solaris/freeware.html

Note: The 'passive' mode in ftp(1) is only available on Solaris 9.


Resolution

This issue is addressed in the following releases:

SPARC Platform

  • Solaris 2.6 with patch 106301-05 or later
  • Solaris 7 with patch 110646-04 or later
  • Solaris 8 with patch 111606-03 or later
  • Solaris 9 with patch 114564-01 or later

x86 Platform

  • Solaris 2.6 with patch 106302-05 or later
  • Solaris 7 with patch 110647-04 or later
  • Solaris 8 with patch 111607-03 or later
  • Solaris 9 with patch 114565-01 or later


Modification History
Date: 30-JAN-2003
  • Modified Relief/Workaround section

Date: 06-FEB-2002
  • Temporary patches available
  • Updated Relief/Workaround section

Date: 14-FEB-2003
  • Temporary patches now available on SunSolve

Date: 20-FEB-2003
  • Temporary patches for Solaris 9 available

Date: 14-MAR-2003
  • Updated Contributing Factors, Relief/Workaround and Resolution sections
  • State: Resolved (and Closed)


References

111606-03
111607-03
110646-04
110647-04
106301-05
106302-05
114564-01
114565-01




Attachments
This solution has no attachment