FTP Rush 1.1.3 Directory Traversal

Type packetstorm
Reporter High-Tech Bridge SA
Modified 2010-08-06T00:00:00


Vulnerability ID: HTB22527  
Reference: http://www.htbridge.ch/advisory/directory_traversal_in_ftp_rush.html  
Product: FTP Rush  
Vendor: IoRush Software ( http://www.ftprush.com/ )   
Vulnerable Version: 1.1.3 and Probably Prior Versions  
Vendor Notification: 22 July 2010   
Vulnerability Type: Directory Traversal Vulnerability  
Status: Not Fixed, Vendor Alerted, Awaiting Vendor Response  
Risk level: High   
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)   
Vulnerability Details:  
When exploited, this vulnerability allows an anonymous attacker to write files to locations of their choosing on a user's system.  
The FTP client does not properly sanitise filenames received from an FTP server that contain directory traversal sequences, for example  
a file named "..\..\..\..\..\..\..\somefile.exe".  
By tricking a user into downloading a directory from a malicious FTP server whose files carry backslash directory traversal sequences in their names,  
an attacker can potentially write files into the user's Startup folder, so that malicious code executes when the user logs on.
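The following is an added example, not code from the advisory or from FTP Rush: it models how a client that blindly appends a server-supplied name to its download directory ends up writing outside that directory on Windows, and shows a hardened replacement that treats a LIST/NLST name as a single path component and additionally verifies containment. The download directory and the benign filenames are constructed for illustration.

```python
import re
from typing import List

# Constructed download directory for the examples (not taken from the advisory).
DOWNLOAD_DIR = r"C:\Users\alice\Downloads"


class UnsafeFilename(ValueError):
    """Raised when a server-supplied name would escape the download directory."""


def naive_target(download_dir: str, remote_name: str) -> str:
    """Model the vulnerable behaviour: append the server-supplied name as-is and
    let Windows semantics collapse '..' components. Both '\\' and '/' count as
    separators, as they do on Windows. Pure string logic, so it runs on any host."""
    combined = (download_dir + "\\" + remote_name).replace("/", "\\")
    parts = combined.split("\\")
    resolved: List[str] = [parts[0]]  # keep the drive (e.g. 'C:') as the root
    for part in parts[1:]:
        if part in ("", "."):
            continue
        if part == "..":
            if len(resolved) > 1:  # '..' cannot climb above the drive root
                resolved.pop()
        else:
            resolved.append(part)
    return "\\".join(resolved)


# A single path component must not contain separators, a drive/ADS colon or NUL.
_FORBIDDEN = re.compile(r"[\\/:\x00]")


def safe_target(download_dir: str, remote_name: str) -> str:
    """Hardened version: reject anything that is not a plain filename, then confirm
    the resulting path still lies inside download_dir (defence in depth)."""
    if not remote_name or remote_name in (".", "..") or _FORBIDDEN.search(remote_name):
        raise UnsafeFilename(remote_name)
    target = naive_target(download_dir, remote_name)
    base = naive_target(download_dir, "")  # normalised form of the directory itself
    if not target.lower().startswith(base.lower() + "\\"):
        raise UnsafeFilename(remote_name)
    return target


def is_rejected(download_dir: str, remote_name: str) -> bool:
    """Convenience wrapper: True if the hardened check refuses the name."""
    try:
        safe_target(download_dir, remote_name)
    except UnsafeFilename:
        return True
    return False
```

Running the advisory's own example name through naive_target shows it resolving to the drive root, while safe_target refuses it before any file is opened.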