DATE:  
COMMAND                                            SOURCE: 
                                                   AUTHOR: 
  FTP

SYSTEMS AFFECTED

  Win NT 3.5, 3.51, 4.0
  Passive connection support

PROBLEM

    The  FTP  service  allows  passive  connections  to be established
    based on the  port address given  by client. This  can enable some
    hackers to  use this  facility to  execute malicious  commands off
    the FTP service.

    The registry contains an entry in

        <System\CurrentControlSet\Services\MSFTPSVC\Parameters>

    where the value could be enabled for value <EnablePortAttack:

        REG_DWORD: >. Verify this value is '0', not '1'.



EXPLOIT

  

SOLUTION

    See above.