GuildFTPd Traversal Arbitrary File Access

2000-07-08T00:00:00
ID OSVDB:573
Type osvdb
Reporter Andrew Lewis (wizdumb@unix.za.net), ByteRage (byterage@yahoo.com)
Modified 2000-07-08T00:00:00

Description

Vulnerability Description

GuildFTPd contains a flaw that allows a remote attacker to read arbitrary files outside of the FTP root. The issue is due to the server not properly sanitizing user-supplied paths: directory traversal sequences (../) passed as the argument to the "ls" and "get" commands, and possibly others, are handed through to the underlying filesystem, so a path such as /../windows/system.ini is resolved relative to the real drive rather than clamped to the FTP root.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

GuildFTPd fails to sanitize directory traversal sequences (../) in the arguments of the "ls", "get" and possibly other commands, allowing a remote attacker to read arbitrary files outside of the FTP root.

Manual Testing Notes

ftp [victim]
ftp> GET /../windows/system.ini c:\received-file.txt
ftp> get ../autoexec.bat
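The following is an added Python example, not GuildFTPd's code and not taken from the reporters' posts. It models the path mapping an FTP daemon performs for "ls" and "get" requests: a naive mapper that pastes the client's path onto the server root and lets Windows resolve the ".." components (the behaviour the advisory describes), beside a hardened mapper that walks the virtual path component by component and refuses any ".." that would climb above the root. The FTP root C:\ftproot, the working directories and the benign command lines are constructed for illustration; the two "get" lines are the ones from the manual testing notes above.

```python
"""Vulnerable vs. hardened FTP path mapping for a GuildFTPd-style traversal.

Added example, not GuildFTPd's code. FTP_ROOT, the working directories and
the command lines used in main() are constructed for illustration.
"""
import ntpath

FTP_ROOT = r"C:\ftproot"  # assumed server root (constructed)


class TraversalError(ValueError):
    """Raised when a request would resolve outside the FTP root."""


def virtual_path(cwd: str, arg: str) -> str:
    """Combine the session's current directory with a ls/get argument.

    FTP paths are '/'-separated; an absolute argument replaces cwd.
    """
    if arg.startswith("/"):
        return arg
    return cwd.rstrip("/") + "/" + arg


def vulnerable_resolve(cwd: str, arg: str, root: str = FTP_ROOT) -> str:
    """Naive mapping: glue the virtual path onto the root and leave '..' to
    the operating system. ntpath.normpath stands in for what the Windows
    file API does with the resulting string, so '/../windows/system.ini'
    ends up at C:\\windows\\system.ini.
    """
    vpath = virtual_path(cwd, arg).replace("/", "\\")
    return ntpath.normpath(root.rstrip("\\") + vpath)


def safe_resolve(cwd: str, arg: str, root: str = FTP_ROOT) -> str:
    """Hardened mapping: resolve '.' and '..' ourselves, refuse to climb
    above the root, and reject characters Windows would treat as a
    separator or drive prefix. '..' inside the tree still works.
    """
    parts: list[str] = []
    for comp in virtual_path(cwd, arg).split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise TraversalError(f"{arg!r} escapes the FTP root")
            parts.pop()
            continue
        if "\\" in comp or ":" in comp:
            raise TraversalError(f"{arg!r} contains a Windows separator or drive prefix")
        parts.append(comp)
    resolved = ntpath.normpath(ntpath.join(root, *parts))
    # Defence in depth: whatever the walk produced must still sit under root.
    if not inside_root(resolved, root):
        raise TraversalError(f"{arg!r} resolved outside the FTP root")
    return resolved


def inside_root(path: str, root: str = FTP_ROOT) -> bool:
    """True if a normalized Windows path is the root or a descendant of it."""
    p, r = path.lower(), root.lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")


def handle(cwd: str, line: str) -> dict:
    """Run one 'ls [path]' or 'get <path> [localname]' line through both
    mappers and report whether the naive one escaped the root.
    """
    verb, _, rest = line.strip().partition(" ")
    if verb.lower() not in ("ls", "get"):
        raise ValueError(f"unsupported command: {verb!r}")
    args = rest.split()
    target = args[0] if args else "."  # second 'get' argument is the local file name
    naive = vulnerable_resolve(cwd, target)
    try:
        hardened = safe_resolve(cwd, target)
    except TraversalError as exc:
        hardened = f"DENIED ({exc})"
    return {
        "command": line.strip(),
        "naive": naive,
        "escapes_root": not inside_root(naive),
        "hardened": hardened,
    }


def main() -> None:
    session = [  # constructed: the two 'get' lines mirror the manual testing notes
        ("/", r"GET /../windows/system.ini c:\received-file.txt"),
        ("/", "get ../autoexec.bat"),
        ("/pub/incoming", "get ../readme.txt"),
        ("/pub", "ls"),
    ]
    for cwd, line in session:
        result = handle(cwd, line)
        flag = "ESCAPES ROOT" if result["escapes_root"] else "ok"
        print(f"{line:45s} naive -> {result['naive']} [{flag}]")
        print(f"{'':45s} hardened -> {result['hardened']}")


if __name__ == "__main__":
    main()
```

The naive mapper is not wrong because it uses the wrong API; it is wrong because it never decides what ".." means before the filesystem does. The hardened mapper makes that decision in the FTP layer, where the root is known, and keeps the final prefix check as a second line of defence in case a later change lets another separator or prefix through.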

References:

Vendor URL: http://www.guildftpd.com/index.php
Related OSVDB ID: 370
Nessus Plugin ID: 10694
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2001-05/0250.html
Keyword: Directory Traversal
Generic Informational URL: http://www.securiteam.com/windowsntfocus/5CP0S2A4AU.html
CVE: CVE-2001-0767
Bugtraq ID: 2789