Two years after patch, another IE FTP flaw
A flaw in the way Microsoft's Internet Explorer browser processes FTP commands
could let attackers steal or erase data from a victim's FTP site.
The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives
an attacker a way of hijacking the victim's FTP sessions. But a successful attack
would be very hard to pull off and would only work in very precise, targeted
attacks, security experts said.
The attacker would need to know the victim's username on the FTP server and
the victim would have to already be logged into the server, using IE. Under
those conditions, the victim could be sent a malicious FTP link that would then
execute commands on the victim's FTP server.
This link could be sent to the browser via an invisible iFrame component, hidden
on a malicious Web site, so the victim might not even know the attack was taking
place.
"It's something that people could use to steal data, but you'd have to
know your target," said Derek Abdine, the principal software engineer with
security vendor Rapid7, who disclosed the issue Monday in a security
advisory.
"The attack seems viable, but the stars have to be aligned just right
for the attack to work," said Craig Schmugar, a researcher with McAfee's
Avert Labs, in an e-mail. "An administrator would need to be authenticated
already or the server would need to be configured with weak credentials."
Rapid7 notified Microsoft of the issue on Jan. 22 and decided to publish proof-of-concept
code that illustrated the flaw after Microsoft had not patched the issue a month
later.
The flaw is "almost exactly the same" as another
IE FTP flaw that Microsoft patched in August 2006, Abdine said. Microsoft
fixed that bug with its MS06-042 patch, issued in August 2006.
The MS06-042
update fixed many IE vulnerabilities, but it ended up embarrassing Microsoft.
That's because the security patch had a flaw of its own, a critical security
vulnerability that sent Microsoft's security team scrambling to re-issue the
update.
The FTP problem does not affect IE 7, Microsoft said Tuesday. The software
vendor has not heard of any attacks that take advantage of this vulnerability
and has determined that any successful attack would only lead to the unauthorized
disclosure of data, the company said in a statement.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
