Date: Mon, 22 Jul 2002 23:09:11 +0200
From: "Securiteinfo.com" <[email protected]>
To: [email protected]
Subject: Pablo Software Solutions FTP server Directory Traversal Vulnerability

Pablo Software Solutions FTP server Directory Traversal Vulnerability
.oO Overview Oo.
Pablo Software Solutions FTP server version 1.0 build 9 shows files and
directories that reside outside the normal FTP root directory.
Discovered on 2002, July, 20th
Vendor: Pablo Software Solutions
Pablo's FTP Server is a multi-threaded FTP server for Windows 98/NT/XP.
It comes with an easy-to-use interface and can be accessed from the system
tray.
The server handles all basic FTP commands and offers easy user account
management and support for virtual directories.
This FTP server can show file and directory content that resides outside the
normal FTP root directory.
.oO Details Oo.
The vulnerability can be exploited using the MS-DOS ftp client. Once you are
logged on to the server, you can send a dir \..\, or a dir \..\WINNT,
supposing your root directory is c:\ftp_server
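
Added example, not part of the original advisory and not the vendor's code: a sketch of the missing containment check, showing how a server that only joins and normalises the client path resolves `\..\` and `\..\WINNT` outside `c:\ftp_server`, next to a mapping that refuses them. The function names and the sample arguments other than the two from the advisory are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

FTP_ROOT = r"c:\ftp_server"  # root directory assumed in the advisory


def naive_local_path(arg, cwd="\\"):
    """Flawed mapping (hypothetical): joins and normalises, never checks the result."""
    virtual = arg if arg.startswith("\\") else ntpath.join(cwd, arg)
    return ntpath.normpath(FTP_ROOT + virtual)


def safe_local_path(arg, cwd="\\"):
    """Map a client path to a local path, refusing anything outside FTP_ROOT."""
    arg = arg.replace("/", "\\")
    if ":" in arg or "\x00" in arg:
        raise PermissionError("drive letters, streams and NULs are refused")
    virtual = arg if arg.startswith("\\") else ntpath.join(cwd, arg)
    # Strip leading separators so join() cannot discard FTP_ROOT.
    local = ntpath.normpath(ntpath.join(FTP_ROOT, virtual.lstrip("\\")))
    root = ntpath.normcase(FTP_ROOT)
    candidate = ntpath.normcase(local)
    # Compare with a trailing separator so c:\ftp_server_old does not match.
    if candidate != root and not candidate.startswith(root + "\\"):
        raise PermissionError("path escapes the FTP root: " + local)
    return local


def is_refused(arg, cwd="\\"):
    """True when safe_local_path() rejects the client-supplied path."""
    try:
        safe_local_path(arg, cwd)
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    # First two arguments are from the advisory; the third is constructed.
    for arg in ("\\..\\", "\\..\\WINNT", "pub\\readme.txt"):
        checked = "refused" if is_refused(arg) else safe_local_path(arg)
        print(repr(arg), "naive ->", naive_local_path(arg), "| checked ->", checked)
```

The check is purely lexical; a server that exposes junctions or symbolic links under its root also needs to compare the resolved real path.
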
.oO Solution Oo.
The vendor has been informed and has solved the problem.
Download Pablo's FTP Server Build 10 at:
http://www.pablovandermeer.nl/ftp_server.html
.oO Discovered by Oo.
Arnaud Jacques
[email protected]
http://www.securiteinfo.com