Smallftpd Discloses Files on the System to Remote Users
|
|
SecurityTracker Alert ID: 1006685 |
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Apr 30 2003
|
Impact: Denial of service via network, Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 1.0.2 and prior versions
|
Description: A vulnerability was reported in Smallftpd. A remote user can view files on the server that are located outside of the FTP root directory.
It is reported that a remote authenticated user, including an anonymous user, can issue a CWD command containing the directory traversal characters ".." to view files located outside of the FTP document directory.
A demonstration exploit is provided:
CWD \..\..
It is also reported that version 0.99 allows remote users to send "%s %s" as the login name to cause the FTP service to crash. A remote authenticated user can also trigger a buffer overflow by issuing a command with more than 280 characters, causing the service to crash.
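The CWD handling that the traversal above bypasses can be checked as follows. This is an added example, not Smallftpd code or part of the original alert; the function name `resolve_cwd` and the root `C:\ftproot` are hypothetical, and the check is lexical only (it assumes no junctions or symlinks under the FTP root).

```python
import ntpath  # Windows path rules, usable on any host OS

FTP_ROOT = r"C:\ftproot"  # hypothetical FTP root, constructed for this example


def resolve_cwd(root, current, arg):
    """Map a CWD argument to a new virtual directory ('\\'-rooted).

    Returns None when the request would leave the FTP root, which is the
    condition the "CWD \\..\\.." request relies on the server not checking.
    """
    # FTP clients may send either separator; Windows accepts both.
    arg = arg.replace("/", "\\")

    # Refuse drive letters and UNC prefixes ("C:\...", "\\host\share\...").
    drive, _ = ntpath.splitdrive(arg)
    if drive:
        return None

    # A leading separator means "from the virtual root", never the disk root.
    if arg.startswith("\\"):
        virtual = arg
    else:
        virtual = ntpath.join(current, arg)

    # Join onto the real root, then collapse "." and ".." before comparing.
    root_n = ntpath.normpath(root)
    real = ntpath.normpath(ntpath.join(root_n, virtual.lstrip("\\")))

    # Compare case-insensitively and on a component boundary, so that
    # C:\ftproot2 is not mistaken for something inside C:\ftproot.
    real_cmp = ntpath.normcase(real)
    root_cmp = ntpath.normcase(root_n)
    inside = real_cmp.startswith(root_cmp.rstrip("\\") + "\\")
    if real_cmp != root_cmp and not inside:
        return None

    # Hand back the virtual path only; the real path stays server-side.
    return "\\" + real[len(root_n):].lstrip("\\")


if __name__ == "__main__":
    for cwd_arg in ("\\..\\..", "pub", "..\\ftproot2", "C:\\Windows"):
        print(repr(cwd_arg), "->", resolve_cwd(FTP_ROOT, "\\", cwd_arg))
```

A server would answer 550 instead of 250 whenever this returns None, and should compare the OS-resolved path as well before opening any file.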
|
Impact: A remote authenticated user (including an anonymous user) can view files on the system that are located outside of the FTP document directory.
On previous versions (0.99), a remote authenticated user can cause the system to crash.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: smallftpd.free.fr/
|
Cause: Boundary error, Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: "aT4r InsaN3" <at4r@hotmail.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 30 Apr 2003 12:05:27 +0200
From: "aT4r InsaN3" <at4r@hotmail.com>
Subject: smallftpd's version 1.0.2 Directory Transversal Vulnerability
|
Smallftpd is a simple and small FTP server for Windows. A vulnerability
exists in smallftpd v 1.02 (http://smallftpd.free.fr/) that allows
unauthorized users to browse the root directories and skip access list.
CWD \..\..
250 CWD command successful.
Also, smallftpd v0.99, available to download at http://smallftpd.free.fr too,
has multiple vulnerabilities.
Denial of service: just type "%s %s" as login and the FTP server will crash.
Buffer overflows when a command has length >280 chars. Example: cd
AAAAAAAAAA...
These bugs seem to be patched in the latest version.
at4r [at] 3wdesign.es Security 2003
|
|