|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[sec-adv] ST FTP Service Directory Traversal Vulnerability
From: Secunia Security Advisories (sec-adv
secunia.com)
Date: Mon May 26 2003 - 09:08:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
TITLE:
ST FTP Service Directory Traversal Vulnerability
READ ONLINE:
http://www.secunia.com/advisories/8856/
CRITICAL:
Moderately critical
IMPACT:
Exposure of sensitive information
WHERE:
From remote
SOFTWARE:
ST FTP Server 3.x
DESCRIPTION:
A directory traversal vulnerability has been identified in ST FTP
Server. This allows malicious users to access any drive or directory,
which the FTP server process got privileges to.
The problem is that the "cd" command e.g. takes "c:" as a valid
argument.
SOLUTION:
Limit access so that only trusted user got access to the FTP
service.
To limit the impact of directory traversal you could also implement
NTFS and restrict access for the web server process, so that it can
not access files outside the ftp root.
REPORTED BY / CREDITS:
D4rkGr3y
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]