Re: Fastream Technologies FTP++ Server for Windows Gives Access to Files and Directories Outside the Server's Main Directory
|
|
SecurityTracker Alert ID: 1000990 |
|
SecurityTracker URL: http://securitytracker.com/id/1000990
|
|
CVE Reference: GENERIC-MAP-NOMATCH
|
Date: Mar 6 2001
|
Impact:
Disclosure of system information, Disclosure of user information
|
|
Version(s): Beta 11
|
Description:
The Fastream Technologies Windows-based FTP++ server contains a vulnerability that allows authorized users to remotely access files and directories outside of the server's root directory. In addition, the server provides the user with real path names instead of virtual path names.
SNS Research reports that this was fixed in an earlier beta (tested by SNS Research); however, the fix apparently wasn't incorporated in the latest version.
For more information about the previous problem, see:
http://www.jianteq.net/sns/adv/sns2k1-fastreamftp-adv.txt
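
The description names two properties the server did not enforce: confinement to the root directory, and virtual rather than real path names in replies. The following Python code is an added example, not Fastream's code and not a reconstruction of the FTP++ flaw (the advisory does not give its mechanism), showing one way an FTP server on Windows can enforce both. The names `VirtualRoot`, `resolve`, `permits` and the root `C:\ftproot` are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for this demonstration


class VirtualRoot:
    """Confine FTP paths to one real directory and report only virtual names."""

    def __init__(self, real_root):
        self.real_root = ntpath.normpath(real_root)

    def resolve(self, cwd, arg):
        """Return (real_path, virtual_path) for a client-supplied path.

        cwd is the session's virtual working directory, e.g. "/pub".
        Raises PermissionError if the result would leave the root.
        The check is lexical; junctions and symlinks inside the root must
        also be resolved on the real filesystem before opening anything.
        """
        arg = arg.replace("\\", "/")
        # Drive letters, UNC prefixes and stream/device syntax never belong
        # in a virtual path, so refuse them before any joining happens.
        if ntpath.splitdrive(arg)[0] or ":" in arg:
            raise PermissionError("absolute or device path")
        virtual = arg if arg.startswith("/") else cwd.rstrip("/") + "/" + arg
        # Collapse "." and ".." first, then test containment on the result.
        real = ntpath.normpath(ntpath.join(self.real_root, virtual.lstrip("/")))
        root, cand = ntpath.normcase(self.real_root), ntpath.normcase(real)
        # The trailing separator stops C:\ftproot2 from matching C:\ftproot.
        if cand != root and not cand.startswith(root.rstrip("\\") + "\\"):
            raise PermissionError("path escapes the FTP root")
        # Replies (PWD, listings, error text) use this value, never `real`.
        rel = real[len(self.real_root):].strip("\\")
        return real, "/" + rel.replace("\\", "/")

    def permits(self, cwd, arg):
        try:
            self.resolve(cwd, arg)
            return True
        except PermissionError:
            return False


if __name__ == "__main__":
    vr = VirtualRoot("C:\\ftproot")  # constructed root, not FTP++'s default
    for cwd, arg in [("/", "pub/file.txt"), ("/pub", ".."), ("/", "../ftproot2/x")]:
        print(cwd, arg, vr.permits(cwd, arg))
```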
|
Impact:
An authorized user with remote or local access to the FTP++ daemon can obtain files outside of the server's root directory.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.fastream.com/ftppp.htm
|
Cause:
Access control error
|
Underlying OS:
Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Mon, 5 Mar 2001 04:30:16 +0100
Subject: Re: Faststream FTP++ Client 2 Beta 11 (build in server)
|
Ouch. This was fixed in an earlier beta (tested it), however it seems the fix
wasn't incorporated in the latest version. A bit sloppy, anyways,
here's the rest as reported earlier. Approaching new "fixes" with
caution might be advisable :(
http://www.jianteq.net/sns/adv/sns2k1-fastreamftp-adv.txt
Scsi
|
|