smallftpd's version 1.0.2 Directory Traversal Vulnerability

From: aT4r InsaN3 (at4rhotmail.com)
Date: Wed Apr 30 2003 - 05:05:27 CDT


Smallftpd is a simple and small FTP server for Windows. A vulnerability
exists in smallftpd v 1.02 (http://smallftpd.free.fr/) that allows
unauthorized users to browse the root directories and skip the access list.

CWD \..\..
250 CWD command successful.

Also, smallftpd v0.99, also available to download at http://smallftpd.free.fr,
has multiple vulnerabilities.

Denial of service: just type "%s %s" as login and the ftp server will crash.
Buffer overflows when a command has length >280 chars. Example: cd
AAAAAAAAAA...

These bugs seem to be patched in the latest version.

at4r [at] 3wdesign.es Security 2003
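
Added example, not part of the original post and not smallftpd code: one way a server can resolve a CWD argument so that the `\..\..` request shown above stays at the virtual root, and so that over-long input is refused rather than copied. The function name, buffer sizes and the rule of rejecting ':' and trailing dot or space are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not smallftpd code. Resolves a CWD argument against
 * the session's virtual directory `cwd` (already normalised, starts with '/').
 * '/' and '\' are both separators, and ".." stops at the virtual root.
 * Returns 0 and writes the normalised virtual path to out, or -1 to refuse. */
int resolve_virtual_path(const char *cwd, const char *arg, char *out, size_t outlen)
{
    char work[512];
    size_t len = 0;                     /* length of the path built in out */
    int n;

    if (arg[0] == '/' || arg[0] == '\\')     /* absolute: restart at root */
        n = snprintf(work, sizeof work, "%s", arg);
    else
        n = snprintf(work, sizeof work, "%s/%s", cwd, arg);
    /* Over-long input is refused, never truncated or copied unchecked. */
    if (outlen < 2 || n < 0 || (size_t)n >= sizeof work)
        return -1;

    out[0] = '\0';
    for (const char *p = work; ; ) {
        p += strspn(p, "/\\");          /* skip any run of separators */
        size_t tl = strcspn(p, "/\\");  /* length of the next component */
        if (tl == 0)
            break;
        if (tl == 2 && p[0] == '.' && p[1] == '.') {
            while (len > 0 && out[--len] != '/')
                ;                       /* drop last component; root stays root */
            out[len] = '\0';
        } else if (!(tl == 1 && p[0] == '.')) {
            /* Refuse drive/stream syntax and names ending in dot or space,
             * which Win32 file APIs can strip (".. " could act like ".."). */
            if (memchr(p, ':', tl) || p[tl - 1] == '.' || p[tl - 1] == ' ')
                return -1;
            if (len + 1 + tl + 1 > outlen)
                return -1;
            out[len++] = '/';
            memcpy(out + len, p, tl);
            len += tl;
            out[len] = '\0';
        }
        p += tl;
    }
    if (len == 0)
        strcpy(out, "/");
    return 0;
}
```

The returned virtual path is what the access list should be checked against, and only then appended to the configured root directory on disk.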
