• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Windows Server 2000 security vulnerabilities

A

apac

Diamond Member
I run a small lab at my University and the server was quarantined from the network for 2 security issues. The machine was reloaded about 6 months ago and was fully updated at that point. The university scan reported this:

port 6699
-----------------
The remote FTP server closes
the connection when a command is too long or is given
a too long argument.

This probably due to a buffer overflow, which
allows anyone to execute arbitrary code
on the remote host.

This problem is threatening, because
the attackers don't need an account
to exploit this flaw.

Solution : Upgrade your FTP server or change it
Risk factor : High
--------------

port 7500
--------------
It was possible to disable the remote FTP server
by connecting to it about 3000 times, with
one connection at a time.

If the remote server is running from within [x]inetd, this
is a feature and the FTP server should automatically be back
in a couple of minutes.

An attacker may use this flaw to prevent this
service from working properly.

Solution : If the remote server is GoodTech ftpd server,
download the newest version from http://www.goodtechsys.com.
BID : 2270
Risk factor : High
-----------------
Click to expand...

And idea what would be causing this? The server does not have IIS installed, and is not running any FTP applications. Is it possible this could be caused by one of the servers clients (about 12 in total)?
 
Can you telnet to see if either port has a service running on it?

Disable the FTP service if it's not doing anything.

Or get a software firewall and stealth all of your ports.
 
Interesting...

I was able to telnet into both ports. 6699 had only a blank window, but 7500 displays "220 Seveur FTP de Spools v4.0 pr[omega character]T". After a connection timeout it says "421 Temps de session maximum exc0d0 - fermeture."

Looks like a backdoor 🙁.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top