Date: Sun, 07 Apr 2002 12:26:54 +0200
From: Kistler Ueli <[email protected]>
To: [email protected]Subject: Typsoft FTP Server: yet another directory traversal vulnerability
Method: simple directory traversal
Risk: Medium
Website: www.typsoft.com (updated version available)
Hello
All versions of TYPSoft FTP Server 0.97.1 (and previous, but not tested)
are vulnerable to another
directory traversal vulnerability than the one already published on BugTraq.
A directory traversal vulnerability
(http://online.securityfocus.com/bid/2489) was already fixed in TYPSoft
FTP Server 0.85...
but it is still possible to use the following method:
Note:
it's possibly the same vulnerability as mentioned on
http://www.eeye.com/html/Support/Retina/RTHs/FTP_Servers/654.html
concerning 0.95,
but the author was not aware of the problem in his software...
simply add a the asterisk symbol (*) and every directory on the same
partition can be listed:
ls ../../*.*
ls "../../My%20files/*.*"
etc..
This allows an attacker to gain usefull information for further attacks.
Files CANNOT be downloaded using this vulnerability...
Fix: Download the latest version (07-04-2002 TYPSoft 0.97.5 (next
version after 0.97.1) from www.typsoft.com)
Regards,
Ueli Kistler
[email protected] / [email protected]
www.eclipse.fr.fm / www.packx.net
"Two things are infinite, the universe and the human stupidity, but
with the universe I am not so sure.", Albert Einstein (1879 - 1955)
.-~-.___. _________
/ | (. \ \|::::::;\
( ) O -|root:0:0|
\_/ ____/ -|:::::::;/
/==/ _ /|::::::;|
/ \_╞╞_: /_______\
/ __/╞| ____ | |
=(_______| |_________|
What if Dogs would hack your box...?
Greatz to: PackX (www.packx.net) - home of Rafale X, a scriptable packet
building tool
--
