Tenable Network Security

	Nessus
	Download
	Plugins
	Newest Plugins
	Obtain an activation code
	View all plugins
	Search
	Documentation
	Register
	Buy Now
	ProfessionalFeed Support
	Bugs
	All the Tenable Products

FTP Privileged Port Bounce Scan

This script is Copyright (C) 1999-2010 Tenable Network Security, Inc.


Family	FTP
Nessus Plugin ID	10081 (ftp_bounce.nasl)
Bugtraq ID	126
CVE ID	CVE-1999-0017

Description:
Synopsis : The remote FTP server is vulnerable to a FTP server bounce attack. Description : It is possible to force the remote FTP server to connect to third parties using the PORT command. The problem allows intruders to use your network resources to scan other hosts, making them think the attack comes from your network. See also : http://archives.neohapsis.com/archives/bugtraq/1995_3/0047.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0367.html http://www.cert.org/advisories/CA-1997-27.html Solution : See the CERT advisory in the references for solutions and workarounds . Risk factor : High / CVSS Base Score : 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

This is the web site for the Nessus Vulnerability Scanner from Tenable Network Security. If you are looking for the probabilistic analysis software from Southwest Research Institute, please visit www.nessus.swri.org

FTP Privileged Port Bounce Scan