Typsoft FTP Server: yet another directory traversal vulnerability

[Kistler Ueli <iuk () gmx ch>]

Method: simple directory traversal
Risk: Medium
Website: www.typsoft.com (updated version available)

Hello

All versions of TYPSoft FTP Server 0.97.1 (and previous, but not tested) 
are vulnerable to another
directory traversal vulnerability than the one already published on BugTraq.
A directory traversal vulnerability 
(http://online.securityfocus.com/bid/2489) was already fixed in TYPSoft 
FTP Server 0.85...
but it is still possible to use the following method:

Note:
it's possibly the same vulnerability as mentioned on 
http://www.eeye.com/html/Support/Retina/RTHs/FTP_Servers/654.html 
concerning 0.95,
but the author was not aware of the problem in his software...

simply add a the asterisk symbol (*) and every directory on the same 
partition can be listed:
ls ../../*.*
ls "../../My%20files/*.*"
etc..

This allows an attacker to gain usefull information for further attacks.
Files CANNOT be downloaded using this vulnerability...

Fix: Download the latest version (07-04-2002 TYPSoft 0.97.5 (next 
version after 0.97.1) from www.typsoft.com)

Regards,
 Ueli Kistler
 iuk () gmx ch / eclipse () packx net
 www.eclipse.fr.fm / www.packx.net

"Two things are infinite, the universe and the human stupidity, but
with the universe I am not so sure.", Albert Einstein (1879 - 1955)
  .-~-.___.      _________
 / |  (.   \    \|::::::;\
(  )        O   -|root:0:0|
 \_/   ____/    -|:::::::;/
   /==/ _       /|::::::;|
  / \_¯¯_:       /_______\
 /  __/¯|  ____ |         |
=(_______|       |_________|
What if Dogs would hack your box...?

Greatz to: PackX (www.packx.net) - home of Rafale X, a scriptable packet 
building tool

--