FTGate Version 2.1 Web interface Server Directory Traversal

From: Ussr Labs (labsat_private)
Date: Fri Nov 05 1999 - 02:04:51 PST


    FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
    
    Product:
    
    FTGate Version 2.1
    FTGate has many advanced features including:
    - Proxy Support, Kill List, Advanced delivery options, Logging, Address Mapping
    - Domain Aliases, File import, Full Multithreading, HTML Interface
    - Command Processor, RAS Dial-up/Proxy/LAN support, SmartPop
    - Runs as either an Application or a service
    - POP3 server
    - SMTP server/gateway
    
    
    PROBLEM
    
    UssrLabs found a directory traversal vulnerability in the FTGate Version 2.1
    web interface server. By including the string '../' in a URL, an attacker
    can gain read access to any file outside of the intended web-published
    filesystem directory.
    
    There is not much to expand on this one....
    
    Example:
    
    http://127.1:8080/../../../autoexec.bat      to show autoexec.bat
    
    
    Vendor Status:
    Not contacted.
    
    Vendor   Url: http://www.floosietek.com
    Program Url: http://www.floosietek.com/ftgatehome.htm
    
    Credit: USSRLABS
    
    SOLUTION
    
        Nothing yet.
    