FTP commands have been detected containing binary characters (FTP_Commands_With_Binary)

About this signature or vulnerability

Proventia Network IPS, RealSecure Desktop Protector 3.6, Proventia Server IPS for Linux technology, BlackICE Agent for Server, BlackICE PC Protection, BlackICE Server Protection, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Desktop, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for VMware:

This signature detects a number of FTP commands that exceeds pam.ftp.cmd.count (default = 3) whose arguments contain a number of binary characters that exceeds pam.ftp.cmd.binary.count (default = 5) and where the length of the command data exceeds pam.file.maxname (default = 150).


False positives

Proventia Network IPS, RealSecure Desktop Protector 3.6, Proventia Server IPS for Linux technology, BlackICE Agent for Server, BlackICE PC Protection, BlackICE Server Protection, RealSecure Network, RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Desktop, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for VMware:

FTP implementations using 8-bit character encodings in the data portion (filename, directory names, etc.) of the FTP command may cause this event to fire.
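
The threshold logic described under "About this signature or vulnerability" and the 8-bit false positive described above can be reproduced with the sketch below. It is an added example, not IBM/ISS PAM code. Assumptions: a "binary character" is any byte outside printable ASCII, "command data" is the argument after the verb, and commands are counted per session; all sample sessions are constructed.

```python
# Added illustration; not vendor code. Constants mirror the page's tunables,
# the counting semantics are assumptions.
CMD_COUNT = 3      # pam.ftp.cmd.count
BINARY_COUNT = 5   # pam.ftp.cmd.binary.count
MAXNAME = 150      # pam.file.maxname


def binary_chars(data: bytes) -> int:
    """Assumption: 'binary' means any byte outside printable ASCII 0x20-0x7e."""
    return sum(1 for b in data if b < 0x20 or b > 0x7E)


def is_suspicious(line: bytes) -> bool:
    """A command qualifies when its argument is both long and binary-heavy."""
    _verb, _, arg = line.rstrip(b"\r\n").partition(b" ")
    return len(arg) > MAXNAME and binary_chars(arg) > BINARY_COUNT


def signature_fires(session: list[bytes]) -> bool:
    """Fire once more than CMD_COUNT commands in the session qualify."""
    return sum(is_suspicious(c) for c in session) > CMD_COUNT


# Constructed control-channel sessions (client to server).
normal = [b"USER anonymous\r\n", b"PASS guest@example.com\r\n",
          b"CWD /pub\r\n", b"RETR readme.txt\r\n"]
# Long arguments made of non-printable bytes, sent four times.
binary_heavy = [b"CWD " + b"\x01\xfe" * 100 + b"\r\n"] * 4
# Same commands, but only three: equal to the threshold, not above it.
at_threshold = binary_heavy[:3]
# False-positive case: long directory names in an 8-bit encoding (UTF-8 here).
utf8_name = ("/archiv/" + "größenübersicht-für-äußere-maße/" * 6).encode("utf-8")
eight_bit = [verb + b" " + utf8_name + b"\r\n"
             for verb in (b"MKD", b"CWD", b"STOR", b"SIZE")]
# Long but pure ASCII: fails the binary-character condition.
long_ascii = [b"RETR " + b"a" * 300 + b"\r\n"] * 10

if __name__ == "__main__":
    samples = {"normal": normal, "binary_heavy": binary_heavy,
               "at_threshold": at_threshold, "eight_bit": eight_bit,
               "long_ascii": long_ascii}
    for name, session in samples.items():
        print(f"{name:13} fires={signature_fires(session)}")
```

The `eight_bit` session is benign yet crosses all three thresholds, which is why triage of this event should start with the encoding the FTP clients on that segment actually use.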

Default risk level

Low

Sensors that have this signature

Proventia Network IPS: 2.0, RealSecure Desktop Protector 3.6: baseline, RealSecure Desktop: baseline, Proventia Server IPS for Linux technology: 1.0, BlackICE Agent for Server: 3.6eof, BlackICE PC Protection: 3.6cpa, BlackICE Server Protection: 3.6.cpa, RealSecure Network: XPU 21.1, RealSecure Server Sensor: XPU 21.1, Proventia-G 1.1 and earlier: G Series, Proventia Network IDS: XPU 21.1, Proventia Desktop: 8.0.614.1, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.0, Proventia Network MFS: 1.0, Virtual Server Protection for VMware: 1.0

Systems affected

Various vendors: Any application

Type

Suspicious Activity

Vulnerability description

Several FTP commands have been detected that contain binary characters in the argument data.

How to remove this vulnerability

Inspect the server for evidence of a compromise.

References

ISS X-Force
FTP commands have been detected containing binary characters
http://www.iss.net/security_center/static/12952.php