Vulnerabilities In Pablo Software Solutions FTP Service 1.2

From: JeiAr (jeiarat_private)
Date: Tue Jun 03 2003 - 13:41:27 PDT

Next message: SGI Security Coordinator: "[Full-Disclosure] Updated SGI Apache Version Available for IRIX"

Previous message: Berend-Jan Wever: "Re: Tornado www-server v1.2: directory traversal, buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Plaintext Password Vulnerability ------------------------------------ User info is stored in users.dat in plaintext. If the anonymous account is present (it is by default) the entire FTP server can be compromised ftp://somewhere/program files/pablo's ftp service/users.dat Default Anonymous Account ------------------------------------ The anonymous account is by default set to have download access to anything in the C:\ directory. While this can be disabled by simply deleting the anonymous account, it poses a serious threat for anyone not aware of the problem. ftp://somewhere/windows/repair/sam In conclusion this application is totally open to complete compromise by default. Vendor was notified and plans on releasing a fix soon. Credits ------------------------------------ Creits go to JeiAr of GulfTech Computers and CSA Security Research Team http://www.gulftech.org

Next message: SGI Security Coordinator: "[Full-Disclosure] Updated SGI Apache Version Available for IRIX"
Previous message: Berend-Jan Wever: "Re: Tornado www-server v1.2: directory traversal, buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jun 03 2003 - 14:42:08 PDT