Date: Sun, 27 May 2001 10:33:08 -0700 (PDT)
From: ByteRage <[email protected]>
To: [email protected]Subject: CesarFTP v0.98b triple dot Directory Traversal / Weak password encryption
CesarFTP v0.98b triple dot Directory Traversal / Weak
password encryption
AFFECTED SYSTEMS
CesarFTP v0.98b on Windows 9x / ME
DESCRIPTION
1) Directory Traversal
First, we need a directory where we have access to on
the victim host...
(Or we can create one if we have enough rights)
ftp://127.0.0.1/
might give us a directory RESTRICTED/ for example
now we do :
ftp://127.0.0.1/RESTRICTED/...%5c/
and we're out of the restricted subdirectory, we have
read access to the whole harddrive
2)
Once again an FTP server with weak password
encryption...
The username:password pairs are stored in plaintext in
the program directory. (\program
files\CesarFTP\settings.ini)
Combined with the directory traversal, the password
file can be easily attained by any user...
VENDOR STATUS
I have sent this advisory to <[email protected]>
[ByteRage] <[email protected]> [www.byterage.cjb.net]
__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - buy the things you want at great prices
http://auctions.yahoo.com/
