Mindstorm Networks SmartFTP Daemon User Hijack

2000-06-13T00:00:00
ID OSVDB:1394
Type osvdb
Reporter Moritz Jodeit (moritz@jodeit.org)
Modified 2000-06-13T00:00:00

Description

Vulnerability Description

SmartFTP Daemon contains a flaw that allows a remote attacker to obtain the privileges of an arbitrary account. The daemon derives the path of a user's configuration file from the username supplied at login and does not validate that name. An attacker with upload access to any directory on the server first places a specially crafted configuration file there, one whose contents grant the privileges of an arbitrary user, and then logs in with a directory-traversal username (of the form ../../path/to/file) that resolves to the uploaded file. The daemon loads the attacker's file in place of a legitimate user's configuration, and the session receives whatever privileges that file specifies.
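The following is an added illustration of the lookup bug described above, not code from SmartFTP Daemon; the on-disk layout (a users directory holding one key=value file per account, plus an attacker-writable upload directory), the config format and all function names are assumptions made for the demonstration. The vulnerable lookup splices the raw username into a file name, so a traversal username reaches the uploaded file; the fixed lookup whitelists the username and additionally checks that the resolved path still sits directly inside the users directory.

```python
import re
import shutil
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Assumed, constructed layout for this demonstration (not SmartFTP-D's real
# on-disk format or paths):
#   <root>/users/<username>.cfg   per-account configuration written by the admin
#   <root>/upload/                a directory the attacker may write to
# The daemon derives the config path from the username sent at login.


def parse_cfg(text: str) -> Dict[str, str]:
    """Parse simple key=value lines into a dict (constructed config format)."""
    cfg: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip()
    return cfg


def make_server_tree() -> Path:
    """Build a throwaway server root with one legitimate low-privilege account."""
    root = Path(tempfile.mkdtemp(prefix="ftpd-demo-"))
    (root / "users").mkdir()
    (root / "upload").mkdir()
    (root / "users" / "guest.cfg").write_text("home=/pub\nwrite=0\nadmin=0\n")
    return root


def load_user_config_vulnerable(root: Path, username: str) -> Optional[Dict[str, str]]:
    """Vulnerable lookup: the raw username becomes part of the file name, so a
    username of '../upload/evil' resolves to <root>/upload/evil.cfg."""
    path = root / "users" / f"{username}.cfg"
    if not path.is_file():
        return None
    return parse_cfg(path.read_text())


# Whitelist of characters a username may contain: no path separators and no
# leading dot, so no traversal component can be formed from it.
SAFE_USERNAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,31}$")


def load_user_config_fixed(root: Path, username: str) -> Optional[Dict[str, str]]:
    """Hardened lookup: reject usernames outside the whitelist, then confirm the
    resolved path is a direct child of the users directory (defence in depth)."""
    if not SAFE_USERNAME.fullmatch(username):
        return None
    users_dir = (root / "users").resolve()
    path = (users_dir / f"{username}.cfg").resolve()
    if path.parent != users_dir or not path.is_file():
        return None
    return parse_cfg(path.read_text())


def demo_hijack() -> Dict[str, Optional[Dict[str, str]]]:
    """Upload a crafted config, then log in with a traversal username against
    both lookups. Returns what each lookup would hand to the session."""
    root = make_server_tree()
    try:
        # Step 1: the attacker uploads a config that claims full privileges.
        (root / "upload" / "evil.cfg").write_text("home=/\nwrite=1\nadmin=1\n")
        # Step 2: the attacker logs in with a traversal username pointing at it.
        username = "../upload/evil"
        return {
            "vulnerable": load_user_config_vulnerable(root, username),
            "fixed": load_user_config_fixed(root, username),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    result = demo_hijack()
    print("vulnerable daemon loaded:", result["vulnerable"])
    print("fixed daemon loaded:     ", result["fixed"])
```

The whitelist alone closes the traversal; the resolved-path check is kept so that a future change to how the file name is built (a configurable directory, a symlink inside it) cannot silently reopen the hole.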

Solution Description

Upgrade to version 0.2 Build 10 or higher, which has been reported to fix this vulnerability. No workaround is known, so upgrading is required.

Short Description

SmartFTP Daemon does not validate the username it uses to locate a user's configuration file. A remote attacker who can upload a crafted configuration file can log in with a directory-traversal username (../../) that resolves to that file and obtain the privileges it defines.

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Keyword: Directory Traversal
ISS X-Force ID: 4706
CVE-2000-0565
Bugtraq ID: 1344