SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (File Transfer/Sharing)  >   Smallftpd Vendors:   smallftpd.free.fr
Smallftpd Discloses Files on the System to Remote Users
SecurityTracker Alert ID:  1006685
SecurityTracker URL:  http://securitytracker.com/id/1006685
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 30 2003
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): 1.0.2 and prior versions
Description:   A vulnerability was reported in Smallftpd. A remote user can view files on the server that are located outside of the FTP root directory.

It is reported that a remote authenticated user, including an anonymous user, can generate a CWD command with directory traversal characters ".." to view files located outside of the FTP document directory.

A demonstration exploit is provided:

CWD \..\..

It is also reported that version 0.99 allows remote users to send "%s %s" as the login name to cause the FTP service to crash. A remote authenticated user can also trigger a buffer overflow by issuing a command with more than 280 characters, cauing the service to crash.
Impact:   A remote authenticated user (including an anonymous users) can view files on the system that are located outside of the FTP document directory.

On previous versions (0.99), a remote authenticated user can cause the system to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  smallftpd.free.fr/ (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:   Windows (Any)

Message History:   None.

 Source Message Contents
Date:  Wed, 30 Apr 2003 12:05:27 +0200
Subject:  smallftpd's version 1.0.2 Directory Transversal Vulnerability


Smallftpd is a simple and small Ftp server for windows. A vulnerability 
exists in smallftpd v 1.02(http://smallftpd.free.fr/) that allow 
unauthorizeded users to browse the root directorys and skip access list.


CWD \..\..
250 CWD command successful.


also smallftpd v0.99 avaliable to download at http://smallftpd.free.fr too 
have multiple vulnerabilities.

Denial OF service: just type "%s %s" as login and the ftp server will crash.
buffer overflows when a command have length >280 chars. example: cd 
AAAAAAAAAA...

this bugs seems to be patched in the lastest version.


at4r [at] 3wdesign.es Security 2003


_________________________________________________________________
Melodías, logos y mil servicios para tu teléfono en MSN Móviles.  
http://www.msn.es/MSNMovil/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC