FTP Privileged Port Bounce Scan

This script is Copyright (C) 1999-2016 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is vulnerable to an FTP server bounce attack.

Description :

It is possible to force the remote FTP server to connect to third
parties using the PORT command.

The problem allows intruders to use your network resources to scan
other hosts, making them think the attack comes from your network.

See also :

http://archives.neohapsis.com/archives/bugtraq/1995_3/0047.html

Solution :

See the CERT advisory in the references for solutions and workarounds.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 7.1
(CVSS2#E:F/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 10081 (ftp_bounce.nasl)

Bugtraq ID: 126

CVE ID: CVE-1999-0017
