FTP: Pathname Too Long

This protocol anomaly triggers when it detects a pathname in an FTP command (RETR, STOR, APPE, SMNT, RNFR, RNTO, DELE, RMD, MKD, STAT, CWD, LIST, NLST) exceeds the length threshold. This can be an attempt to overflow the server. Default value is 512. You can set the FTP pathname length threshold to a higher or lower value. In IDP Manager: Select a security policy from Security Policies, then select the Sensor Settings tab. Select Protocol Thresholds and Configuration > FTP. In Netscreen-Security Manager: in the device navigation tree select Security > IDP SM Settings, then select the Protocol Thresholds and Configuration tab. Under FTP, click the Show button. Set the Maximum Pathname length to the new value and click OK.

Extended Description

Such conditions could indicate a configuration or implementation error, or it could indicate that an attack against FTP servers or clients is underway.

References

BugTraq: 41762 11772 39041

CVE: CVE-2004-1135

URL: http://www.ietf.org/rfc/rfc959.txt http://www.ayukov.com/nftp/ftp-rfc/rfc2577.txt

Short Name

FTP:OVERFLOW:PATH-TOO-LONG

Severity

Major

Recommended

True

Recommended Action

Drop

FTP: Pathname Too Long

Extended Description

References

Found a potential security threat?