SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives

Category:  Application (File Transfer/Sharing)  >  Xlight
Vendors:  xlightftpd.com
Xlight FTP Server '..\' Directory Traversal Flaw Discloses Files to Remote Users
SecurityTracker Alert ID:  1008466
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Dec 15 2003
Impact:  Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Advisory:  Global Security Solution IT (GSSIT)
Version(s): 1.40
Description:  Ziv Kamir of Global Security Solution IT reported a vulnerability in the Xlight FTP server. A remote authenticated user can view arbitrary files on the system and can cause the FTP service to crash.

It is reported that a remote authenticated user can issue the following type of commands to view arbitrary files that are located outside of the FTP root directory:

get ..\[Existing File]
recev ..\[Existing File]

It is also reported that a remote authenticated user can issue the following command to cause the FTP service to crash:

cd ~

The vendor was reportedly notified on December 10, 2003 and responded and fixed the flaw on the same day.
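As an added defensive illustration, not code from Xlight or from the advisory: a path-mapping routine that confines FTP command arguments to a Windows FTP root so that `..\` and `../` are collapsed before the physical path is checked, and that turns `~` into an ordinary error reply instead of an unhandled exception. The root `C:\ftproot`, the virtual `cwd` values and the reply strings are constructed for the example; `ntpath` is used explicitly so the Windows semantics are reproduced on any host.

```python
import ntpath

# Added illustration (not Xlight's code): confine FTP path arguments to a
# Windows FTP root; ntpath reproduces Windows path semantics on any host.

class PathOutsideRoot(ValueError):
    """Raised when a command argument would resolve outside the FTP root."""


def map_to_physical(root: str, cwd: str, arg: str) -> str:
    """Map an FTP argument (GET/RETR, CWD) to a physical path under root.

    root is the physical FTP root (constructed: C:\\ftproot), cwd the
    client's current virtual directory ("/pub"), arg the raw argument.
    """
    if not arg or "\x00" in arg:
        raise PathOutsideRoot("empty or NUL-containing argument")
    # Never expand "~": the advisory's crash came from "cd ~", so a server
    # must answer it with an error reply rather than an unhandled exception.
    if arg == "~" or arg.startswith(("~/", "~\\")):
        raise PathOutsideRoot("home-directory expansion is not supported")
    # A drive letter or UNC prefix would bypass the root entirely.
    if ntpath.splitdrive(arg)[0] or arg.startswith(("\\\\", "//")):
        raise PathOutsideRoot("absolute drive or UNC path not allowed")
    # Relative arguments resolve against cwd; absolute ones against "/".
    virtual = arg if arg.startswith(("/", "\\")) else cwd.rstrip("/\\") + "/" + arg
    physical = ntpath.normpath(ntpath.join(root, virtual.lstrip("/\\")))
    root_norm = ntpath.normpath(root)
    # normpath has collapsed every ".." in either separator style; the result
    # must still be the root itself or lie strictly beneath it.
    prefix = root_norm.rstrip("\\") + "\\"
    if physical.lower() != root_norm.lower() and not physical.lower().startswith(prefix.lower()):
        raise PathOutsideRoot(f"{arg!r} resolves outside the FTP root")
    return physical


def is_confined(root: str, cwd: str, arg: str) -> bool:
    """True if arg stays inside root, False if it escapes or is rejected."""
    try:
        map_to_physical(root, cwd, arg)
        return True
    except PathOutsideRoot:
        return False


def handle_retr(root: str, cwd: str, arg: str) -> str:
    """FTP reply for RETR: a 550 on any rejected path, never a crash."""
    try:
        map_to_physical(root, cwd, arg)
    except PathOutsideRoot:
        return f"550 {arg}: permission denied"
    return f"150 Opening data connection for {arg}"
```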

Impact:  A remote authenticated user can view arbitrary files on the target server.

A remote authenticated user can cause the target FTP service to crash.

Solution:  The vendor has released a fixed version (1.41), available at:

http://www.xlightftpd.com/download.htm

Vendor URL:  www.xlightftpd.com/
Cause:  Exception handling error, Input validation error
Underlying OS:  Windows (Any)
Reported By:  GSS IT <gss_it@yahoo.com>
Message History:   None.


Source Message Contents

Date:  Sun, 14 Dec 2003 07:00:34 -0800 (PST)
From:  GSS IT <gss_it@yahoo.com>
Subject:  Vulnerability Under Xlight FTP Server

Hi,


14/12/03


====================================
 GSSIT - Global Security Solution IT
====================================

-------------------------------------------------------

Application: Xlight ftp server 
Web Site:    http://www.xlightftpd.com/
Versions:    1.40
Platform:    Windows 
Bugs:
              1) Directory Traversal
              2) D.O.S

Credits:
########

#########################################
#         ==  Ziv Kamir ==              #
#                                       #
# GSSIT - Global Security Solution IT   #
#                                       #
#     Email : gss_it@yahoo.com          #
#                                       #
#                                       #
#########################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


================
1) Introduction
================

Xlight ftp server is a powerful ftp server with very small program size. Using its own unique algorithm, it could handle more users than other windows ftp servers. Besides its high performance, xlight ftp server also has a lot of unique features.

=======
2) Bugs
=======

1) Directory Traversal
2) D.O.S

===========
3) The Code
===========

1) Any authenticated user can read arbitrary files outside the FTP root Directory

get ..\[Exist File]
recev ..\[Exist File]

2) Any authenticated user can Crash the Server

cd ~

======
4) Fix
======

Date of Vendor Notification:
----------------------------
Wed, 10 Dec 2003

Response:
---------
Wed, 10 Dec 2003 16:23:05

Thank you for the information. Vulnerability places under the prog have been found, the fix will come out very soon.

Best Regards,
Xlight ftp support

Fix :
-----
Wed, 10 Dec 2003 17:34:49

Hi GSS IT,

The fixes for Vulnerabilities are already applied. The version is updated in website. Thanks very much for the alert.

Best Regards,
xlight ftp server support
support@xlightftpd.com

==============================================================================================
*** The Data is for educational purpose only.
*** The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================


Copyright 2003, SecurityGlobal.net LLC