BisonFTP Server Discloses Files on the Server's Disk to Remote Users That Have Write Access on the FTP Server

SecurityTracker Alert ID: 1001907
SecurityTracker URL: http://securitytracker.com/id/1001907
CVE Reference: GENERIC-MAP-NOMATCH
Date: Jul 2 2001
Impact: Disclosure of system information, Disclosure of user information
Exploit Included: Yes
Version(s): V4R1
Description:
ByteRage reported a vulnerability in BisonFTP Server that allows remote users with write access to the FTP server to obtain files located anywhere on the drive that the server application is installed on.
A remote user with write access to the FTP server (including anonymous write access) can upload a *.bdl directory link file, a BisonFTP-specific file type that points to another directory. When the remote user then changes directory (CWD) to that *.bdl file, the FTP server switches to the directory named in the link file without confining the target to the user's home directory. A link file that points to the root of the drive therefore lets the user browse the entire drive, descending into any subdirectory, with the same rights that are assigned to the user's home directory.
The vendor has reportedly been notified.

Impact:
A remote user with write permissions on the FTP server can traverse the drive that the FTP server is installed on and can retrieve files.
Solution:
No solution was available at the time of this entry.
Vendor URL: www.bisonftp.com/index.htm

Cause:
Access control error, Input validation error
Underlying OS:
Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)
Message History:
This archive entry has one or more follow-up message(s) listed below.

Source Message Contents

Date: Mon, 2 Jul 2001 07:23:53 -0700 (PDT)
Subject: BisonFTP Server V4R1 *.bdl upload Directory Traversal
BisonFTP Server V4R1 *.bdl upload Directory Traversal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AFFECTED SYSTEMS
Bison FTP Server V4R1
DESCRIPTION
BisonFTP Server V4R1 allows any user to upload *.bdl
(a file format invented to make links to directories):
PUT \local.bdl remote.bdl
(We don't even need to append a dot, we can just
upload it.)
If we create a *.bdl pointing to the hard drive's root
(using our own copy of BisonFTP Server) and we CD to
that link, we can browse the entire drive and we have
the same rights as we have in our home directory + we
can dive into subdirs whilst keeping the same rights.
IMPACT
users with write permissions can traverse directories,
by uploading a bdl file pointing to the desired
(root)directory
VENDOR STATUS
I have sent this advisory to info@bisonftp.com
=======================================================
[ByteRage] byterage@yahoo.com [www.byterage.cjb.net]
=======================================================
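The following is an added example, not code from the advisory, from BisonFTP, or from ByteRage's message. It models the CWD handling described in both the Description above and the source message: a user-uploaded *.bdl link is honoured without checking where it points, beside a hardened version that canonicalises every target and confines it to the user's home directory. The page does not document the real on-disk layout of a BisonFTP *.bdl file, so the example assumes (hypothetically) a text file whose first line is the absolute target path; the function names, the sandbox layout and the "remote.bdl" content are all constructed for the demonstration.

```python
"""Added example: vulnerable vs. hardened handling of an uploaded directory
link file, modelled on the BisonFTP *.bdl report. Not BisonFTP code."""
import os
import shutil
import tempfile


class TraversalError(Exception):
    """Raised by the hardened CWD when a target leaves the user's home."""


def read_bdl_target(bdl_path):
    # Assumed (hypothetical) .bdl format: the first line names the target
    # directory. The real BisonFTP format is not given on the page.
    with open(bdl_path, "r", encoding="utf-8") as f:
        return f.readline().strip()


def cwd_vulnerable(home, cwd, arg):
    """Mimics the reported behaviour: CWD onto a *.bdl file switches to
    whatever directory the link names, with no check that the target lies
    under the user's home directory. Returns the new working directory."""
    candidate = os.path.normpath(os.path.join(cwd, arg))
    if candidate.lower().endswith(".bdl") and os.path.isfile(candidate):
        target = read_bdl_target(candidate)
        if os.path.isdir(target):
            return target  # link is trusted: this is the escape
    if os.path.isdir(candidate):
        return candidate
    raise FileNotFoundError(arg)


def cwd_hardened(home, cwd, arg, follow_links=True):
    """Same feature, but the candidate (and, if followed, the link target)
    is canonicalised with realpath and must remain inside home. Symlinks
    and '..' components are resolved before the containment check, so the
    check cannot be bypassed by a link to a link."""
    home_real = os.path.realpath(home)
    candidate = os.path.realpath(os.path.join(cwd, arg))
    if (follow_links and candidate.lower().endswith(".bdl")
            and os.path.isfile(candidate)):
        candidate = os.path.realpath(read_bdl_target(candidate))
    if os.path.commonpath([home_real, candidate]) != home_real:
        raise TraversalError("%s is outside %s" % (candidate, home_real))
    if not os.path.isdir(candidate):
        raise FileNotFoundError(arg)
    return candidate


def demo():
    """Builds a constructed sandbox: a 'drive' holding a secrets directory
    outside the FTP home, 'uploads' remote.bdl pointing at the drive root,
    and runs CWD against both implementations. Returns the outcomes."""
    drive = tempfile.mkdtemp(prefix="bisonftp_demo_")
    try:
        home = os.path.join(drive, "ftp", "anonymous")
        os.makedirs(os.path.join(home, "pub"))
        os.makedirs(os.path.join(drive, "secrets"))
        with open(os.path.join(home, "remote.bdl"), "w", encoding="utf-8") as f:
            f.write(drive + "\n")  # constructed link to the drive root

        new_cwd = cwd_vulnerable(home, home, "remote.bdl")
        home_real = os.path.realpath(home)
        escaped = os.path.commonpath(
            [home_real, os.path.realpath(new_cwd)]) != home_real

        try:
            cwd_hardened(home, home, "remote.bdl")
            hardened_link = "allowed"
        except TraversalError:
            hardened_link = "blocked"

        # A legitimate CWD into a subdirectory of home must still work.
        pub_ok = (cwd_hardened(home, home, "pub")
                  == os.path.realpath(os.path.join(home, "pub")))
        return {"vulnerable_escaped": escaped,
                "hardened_link": hardened_link,
                "hardened_subdir_ok": pub_ok}
    finally:
        shutil.rmtree(drive, ignore_errors=True)


if __name__ == "__main__":
    for key, value in demo().items():
        print("%s: %s" % (key, value))
```

The fix does not remove the link feature; it applies the same containment rule to a link target that a server already applies to `..` in a plain path. Whether to follow uploaded links at all (`follow_links=False`) is a separate policy decision, since a link is data supplied by the client, not by the administrator.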