QVT/Term FTP Server Arbitrary File/Directory Access

2001-04-13T00:00:00
ID OSVDB:4050
Type osvdb
Reporter Strumpf Noir Society (vuln-dev@greyhack.com)
Modified 2001-04-13T00:00:00

Description

Vulnerability Description

QVT/Term contains a flaw that allows a remote attacker to access arbitrary files and directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal-style sequences (../../) supplied in FTP commands.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

ftp [victim]
ftp> ls .../
[file listing of C:\ is shown here]
226 Transfer complete.
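The kind of path-confinement check the description says the server lacks, as an added example that is not QVT/Term's code: it resolves a client path against a virtual FTP root, refuses any ".." that would climb above that root, and also refuses dot-only components such as the "..." used in the testing notes above, which stock normalization routines treat as an ordinary name. Function names and the sample root are assumptions for illustration.

```python
import ntpath


class PathTraversalError(ValueError):
    """Raised when a client-supplied FTP path would leave the server's root."""


def resolve_ftp_path(cwd, requested):
    """Resolve a client path against the virtual cwd ("/" is the FTP root).

    Returns an absolute virtual path or raises PathTraversalError. Both
    separators are accepted because Windows servers treat "/" and "\\" alike.
    """
    candidate = requested.replace("\\", "/")
    if "\x00" in candidate:
        raise PathTraversalError("NUL byte in path")
    if candidate.startswith("/"):
        parts = candidate.split("/")
    else:
        parts = cwd.split("/") + candidate.split("/")
    stack = []
    for part in parts:
        if part in ("", "."):
            continue  # "//", a trailing slash, or a no-op "."
        if part == "..":
            if not stack:
                raise PathTraversalError("attempt to climb above the FTP root")
            stack.pop()
            continue
        if set(part) == {"."}:
            # "...", "...." etc.: DOS-era Windows resolved runs of dots as
            # repeated parent references. ntpath.normpath does not know this,
            # so the rejection must be explicit rather than left to normalization.
            raise PathTraversalError("dot-only path component: %r" % part)
        stack.append(part)
    return "/" + "/".join(stack)


def to_disk_path(root, virtual_path):
    """Map a resolved virtual path onto the on-disk root (e.g. C:\\ftproot, assumed)."""
    return ntpath.join(root, *[p for p in virtual_path.split("/") if p])


def rejects(cwd, requested):
    """True if resolve_ftp_path refuses the request."""
    try:
        resolve_ftp_path(cwd, requested)
    except PathTraversalError:
        return True
    return False
```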

References:

Vendor URL: http://www.qpc.com/
Related OSVDB ID: 1794
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-04/0231.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-09/0216.html
Keyword: Directory Traversal
ISS X-Force ID: 6375
CVE ID: CVE-2001-0680
Bugtraq ID: 2618