
ad20050303.txt

15 Mar 2005 | Reported by Sowhat | Type: packetstorm | Source: packetstormsecurity.com

Gene6 FTP Server Local Privilege Escalation Vulnerability. Exploitation allows local users to obtain Local System privileges, providing complete control of the affected system.

Code
`Gene6 FTP Server Local Privilege Escalation Vulnerability   
  
  
By Sowhat  
03.Mar.2005  
http://secway.org/Advisory/ad20050303.txt  
  
  
Product:  
Gene6 FTP Server  
  
Vendor:  
Gene6 Sarl Inc.  
  
  
(1) Introduction  
  
Gene6 FTP Server is a popular FTP Server for Microsoft Windows platforms.  
For more information: www.G6FtpServer.com  
  
  
(2) Details  
  
Local exploitation of a design error vulnerability in Gene6 FTP Server could  
allow an attacker to gain elevated privileges, usually SYSTEM.  
  
The problem is that, after a default installation, a local non-privileged  
user can modify the settings of the Gene6 FTP Server, such as adding a new  
"SITE COMMAND". Because the Gene6 FTP Server runs as SYSTEM, it is easy to  
elevate privileges.  
  
Exploit:  
1. Log on as an unprivileged user.  
  
2. Open the Gene6 FTP Server control console. Add an FTP user account, for  
example, "test".  
  
3. Add a new "SITE" command for the FTP server. To do this, you need to map an  
executable file to a new SITE command; see steps 4 and 5.  
  
4. Simply write a .bat file named ABC.bat:  
---cut here -------------------------  
net user abc /add  
net localgroup administrators abc /add  
---cut here -------------------------  
  
5. Map this ABC.bat to a new SITE command, for example, "ABC".  
  
6. OK, now it's time to get the SYSTEM privilege.  
Log on to the FTP server as the "test" user and execute the following command:  
ftp>quote site abc  
OK. ABC.bat was executed as SYSTEM, you got it!  
  
Of course, you can map any executable file you want :)  
  
(3) Impact  
  
Exploitation allows local users to obtain Local System privileges,   
thereby providing them with complete control of the affected system.  
  
  
(4) Vendor Reply  
  
Reply from the [email protected]  
"there are already options in the software to disallow this if running in  
multiple users environment which you should also report as solution. It is true  
that it may not be obvious though"  
  
They said that there is in fact an option to set up an FTP administrator  
account, and that some other steps are also needed. "It is true that it may  
not be obvious though"  
`
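
Added example, not part of the advisory or of Gene6's software: because a mapped SITE command runs as a child of the FTP service under SYSTEM, a defender can triage process-creation records for that process tree. Field names follow Windows Security event 4688; the records are constructed and simplified (integer PIDs), and `ftpserver.exe` is a placeholder for the real service binary name.

```python
import ntpath

SYSTEM_SID = "S-1-5-18"              # well-known SID of LocalSystem
FTP_SERVICE_IMAGE = "ftpserver.exe"  # placeholder: use the real service binary name
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe"}
ACCOUNT_TOOLS = {"net.exe", "net1.exe"}

def image(path):
    """Lower-cased file name of a Windows path."""
    return ntpath.basename(path or "").lower()

def find_service_spawns(events, service_image=FTP_SERVICE_IMAGE):
    """Return (severity, pid, command line) for every SYSTEM process that
    descends from the FTP service. Events must be in chronological order."""
    descendants = set()  # PIDs started, directly or indirectly, by the service
    findings = []
    for ev in events:
        if ev["SubjectUserSid"] != SYSTEM_SID:
            continue
        from_service = image(ev["ParentProcessName"]) == service_image.lower()
        if not from_service and ev["ProcessId"] not in descendants:
            continue
        descendants.add(ev["NewProcessId"])
        child = image(ev["NewProcessName"])
        cmdline = ev.get("CommandLine", "")
        if child in ACCOUNT_TOOLS and "/add" in cmdline.lower():
            severity = "high"    # account or group membership created as SYSTEM
        elif child in INTERPRETERS:
            severity = "medium"  # script or shell mapped to a server command
        else:
            severity = "low"     # any other program launched by the service
        findings.append((severity, ev["NewProcessId"], cmdline))
    return findings

def _ev(sid, parent_pid, parent, pid, new, cmdline):
    return {"SubjectUserSid": sid, "ProcessId": parent_pid, "ParentProcessName": parent,
            "NewProcessId": pid, "NewProcessName": new, "CommandLine": cmdline}

SYS32 = "C:\\Windows\\System32\\"
# Constructed sample records (not real logs), ordered by time.
SAMPLE_EVENTS = [
    _ev(SYSTEM_SID, 1200, "C:\\placeholder\\ftpserver.exe", 3304, SYS32 + "cmd.exe", "cmd /c ABC.bat"),
    _ev(SYSTEM_SID, 3304, SYS32 + "cmd.exe", 3310, SYS32 + "net.exe", "net user abc /add"),
    _ev(SYSTEM_SID, 3304, SYS32 + "cmd.exe", 3320, SYS32 + "net.exe",
        "net localgroup administrators abc /add"),
    _ev("S-1-5-21-0-0-0-1001", 900, "C:\\Windows\\explorer.exe", 4100, SYS32 + "notepad.exe", "notepad"),
]

if __name__ == "__main__":
    for finding in find_service_spawns(SAMPLE_EVENTS):
        print(finding)
```

PID reuse can produce false links over long log windows, so bound the time range or also key on process start time when running this over real data.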
