ID CVE-2002-0538
Summary FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
References
Vulnerable Configurations
  • cpe:2.3:a:symantec:enterprise_firewall:6.5.2:*:windows_2000_nt:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_firewall:6.5.2:*:windows_2000_nt:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_firewall:7.0:*:solaris:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_firewall:7.0:*:solaris:*:*:*:*:*
  • cpe:2.3:a:symantec:enterprise_firewall:7.0:*:windows_2000_nt:*:*:*:*:*
    cpe:2.3:a:symantec:enterprise_firewall:7.0:*:windows_2000_nt:*:*:*:*:*
  • cpe:2.3:a:symantec:raptor_firewall:6.5:*:windows_nt:*:*:*:*:*
    cpe:2.3:a:symantec:raptor_firewall:6.5:*:windows_nt:*:*:*:*:*
  • cpe:2.3:a:symantec:raptor_firewall:6.5.3:*:solaris:*:*:*:*:*
    cpe:2.3:a:symantec:raptor_firewall:6.5.3:*:solaris:*:*:*:*:*
  • cpe:2.3:a:symantec:velociraptor:1.x:*:*:*:*:*:*:*
    cpe:2.3:a:symantec:velociraptor:1.x:*:*:*:*:*:*:*
  • cpe:2.3:h:symantec:gateway_security:1.0:*:*:*:*:*:*:*
    cpe:2.3:h:symantec:gateway_security:1.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 08-03-2011 - 02:08)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 4522
bugtraq
  • 20020415 Raptor Firewall FTP Bounce vulnerability
  • 20020417 Re: Raptor Firewall FTP Bounce vulnerability
confirm http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
xf raptor-firewall-ftp-bounce(8847)
Last major update 08-03-2011 - 02:08
Published 03-07-2002 - 04:00
Last modified 08-03-2011 - 02:08
Back to Top