A high-risk security vulnerability has been discovered in the File Transfer Protocol (FTP) servers installed by default on the Unix platform, according to PGP's security response team, Covert Labs.
The vulnerability affects installations of Sun Solaris, Hewlett-Packard HP-UX, SGI IRIX, NetBSD and FreeBSD, and may allow remote attackers to compromise servers for the purposes of data theft, network intrusions or website defacement.
Covert Labs explained that the holes were present in the FTP server software, which allows networks to share data with employees, partners and customers. As 90 per cent of enterprises use FTP in some form, the vulnerability could affect a significant number of global networks.
Jim Magdych, manager of Covert Labs, explained that when a user doesn't know the entire filename and supplies a partial name or pattern instead, the FTP server matches it against filenames by relying on a function called glob().
This function resolves the character patterns to matching filenames, but an attacker could make use of special characters in the search term to introduce hostile code or commands.
"In addition to the threat of data loss or attacks against private networks, many web server administrators rely on FTP to post web content to their web servers," said Magdych, implying that the scale on which this could pose a threat is huge.
"These vulnerabilities could offer an easy avenue of approach for an attacker intent on defacing websites," he added.
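The glob() matching step described above can be wrapped so that a client-supplied pattern is checked before expansion and every result is length-checked before it is copied into a fixed buffer. The following C sketch is an added example, not code from Covert Labs or any of the affected vendors; the function names, the limits and the set of rejected characters are assumptions chosen for illustration.

```c
#include <glob.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATTERN   128  /* assumed limit on client pattern length */
#define MAX_WILDCARDS 8    /* assumed limit on wildcard characters */
#define MAX_PATH_OUT  256  /* size of each fixed output buffer */
#define MAX_MATCHES   64   /* assumed cap on results per request */

/* Return 1 if a client-supplied pattern is acceptable, 0 otherwise. */
int pattern_ok(const char *p) {
    size_t len = strlen(p);
    int wild = 0;
    if (len == 0 || len >= MAX_PATTERN) return 0;
    if (p[0] == '~') return 0;                    /* no home-directory expansion */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)p[i];
        if (c < 0x20 || c == 0x7f) return 0;      /* control characters */
        if (c == '{' || c == '}' || c == '\\') return 0; /* braces, escapes */
        if (c == '*' || c == '?' || c == '[') wild++;
    }
    return wild <= MAX_WILDCARDS;
}

/* Expand pattern into out[][]; returns the match count, or -1 if rejected. */
int expand_bounded(const char *pattern, char out[][MAX_PATH_OUT], int max_out) {
    glob_t g;
    int n = 0, rc;
    if (!pattern_ok(pattern)) return -1;
    memset(&g, 0, sizeof g);
    /* flags == 0: only the basic wildcard syntax is expanded */
    rc = glob(pattern, 0, NULL, &g);
    if (rc == GLOB_NOMATCH) { globfree(&g); return 0; }
    if (rc != 0 || g.gl_pathc > (size_t)max_out) { globfree(&g); return -1; }
    for (size_t i = 0; i < g.gl_pathc; i++) {
        if (strlen(g.gl_pathv[i]) >= MAX_PATH_OUT) { globfree(&g); return -1; }
        strcpy(out[n++], g.gl_pathv[i]);          /* length checked above */
    }
    globfree(&g);
    return n;
}

int main(void) {
    char out[MAX_MATCHES][MAX_PATH_OUT];
    const char *tests[] = { "/", "~root/*", "/{a,b}*", "/*********" }; /* constructed */
    for (size_t i = 0; i < 4; i++)
        printf("%-12s -> %d\n", tests[i], expand_bounded(tests[i], out, MAX_MATCHES));
    return 0;
}
```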