OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tamer Sahin (ts_at_securityoffice.net)
Date: Tue Nov 12 2002 - 09:58:06 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: MD5

    - --[ Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability ]--

    - --[ Type

    Directory Traversal

    - --[ Release Date

    November 12, 2002

    - --[ Product / Vendor

    Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000,
    and supports all basic FTP commands, and much more, such as passive mode.

    http://www.mollensoft.com

    - --[ Summary

    A vulnerability exists in Hyperion Ftp Server which allows a remote user to
    traverse the directories of a target host. This may lead to the disclosure of
    file and directory contents. Arbitrary directories can be accessed through the
    use of double dot '../' techniques when using the 'ls' command.

    - --[ Tested

    Hyperion Ftp Server v2.8.1 / Windows 2000 sp3
    Hyperion Ftp Server v2.8.1 / Windows 98 SE

    - --[ Vulnerable

    Hyperion Ftp Server v2.8.1 / Windows 2000 sp3
    Hyperion Ftp Server v2.8.1 / Windows 98 SE

    - --[ Disclaimer

    http://www.securityoffice.net is not responsible for the misuse or illegal
    use of any of the information and/or the software listed on this security advisory.

    - --[ Author

    Tamer Sahin
    tssecurityoffice.net
    http://www.securityoffice.net

    All our advisories can be viewed at http://www.securityoffice.net/articles/

    Please send suggestions, updates, and comments to feedbacksecurityoffice.net

    (c) 2002 SecurityOffice

    This Security Advisory may be reproduced and distributed, provided that this Security
    Advisory is not modified in any way and is attributed to SecurityOffice and provided
    that such reproduction and distribution is performed for non-commercial purposes.

    Tamer Sahin
    http://www.securityoffice.net

    -----BEGIN PGP SIGNATURE-----
    Version: 2.6

    iQEVAwUAPdElEPpL5ibJRTtBAQEyXwf7BywUZz1Ls8HWrNkos35NaErorXA6Geiy
    +Ii9NakLjG+ITR86h8FcEnNmjtUpjdGFPqLbDJq7UdpAA/llIBGB5HmURariY8Mf
    7aoREOANHy0ShUzwxBvR6OgsaxQ2mpinY15mgyWKwAoq6oUdiOttTTCNYLeZ9sup
    Hmf+QWfqWwtUsVxSAqtHGrp7+9QH0aPO8VVsKzE1UrjwMxCBpgv+99u78ESgkWaM
    CqwmmTzjPk0x1rzZrDafrQZO34Ts3+72cuM3wV2MDfdQNOO9RC6Hv7MimLZXn+M3
    QI0ToqYmHQfctBOG6Bk5cshG5yz7JqFjz8bCI6f1vdoI3PRHR3Kiig==
    =pmk3
    -----END PGP SIGNATURE-----