SECURITYVULNS:DOC:1537
History: Apr 20, 2001 - 12:00 a.m.

@stake Security Advisory: G6 FTP File Existence Disclosure and Netbios Hash Retrieval (A040301-1)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                            @stake, Inc.
                          www.atstake.com

                   Security Advisory Notification

Advisory Name: G6 FTP File Existence Disclosure and Netbios Hash Retrieval
Release Date: 04/03/2001
Application: G6 FTP Server v2.0 exploit and example, other applications
vulnerable to Netbios hash retrieval attack.
[Note: Application has been renamed to BPFTP Server v2.10]
Platform: Microsoft Windows 9x, NT, 2000, ME
Severity: Enumeration of files and directories of the system,
Windows Netbios credentials sent over the Internet to
arbitrary hosts.
Author: Rob Beck [[email protected]]
Vendor Status: Vendor has fixed version available for download
CVE: CAN-2001-0263, CAN-2001-0264
Reference: www.atstake.com/research/advisories/2001/a040301-1.txt

Executive Summary:

I. Gene6's G6 FTP Server fails to properly restrict access to files
outside of the ftp root directory, when using the 'size' and 'mdtm' ftp
commands, if the 'show relative paths' option is not set. These commands
can be used to gather useful information about the directory structure of
the host system.

II. Many software vendors are enabling features within their products to
take advantage of networked computers and shared resources either on a
local area network (LAN) or across the Internet. Almost all Win32
applications now support the use of Universal Naming Convention
(UNC) paths to access resources and files between machines running
Windows. Many of these application vendors fail to take into account the
security threat that arises should their features be misused or their
safeguards circumvented.

Overview:

     An attacker, through the use of 'trivial' exploits, may be able to
elevate the threat level of an attack by using features in Windows
applications or service software that allow a UNC path to be
supplied. By incorporating remote share paths into their attack methods,
attackers may have the ability to force a server into creating an
out-bound connection to hostile servers. When an attempt is made to
access the remote resources, the hostile servers would be able to capture
the victim computer's credentials. These credentials could then be used
for a more critical attack on the host system.

Vendor Response:

The vendor was very responsive and has made a fixed version of the
software available within a week of being notified of the issues.

A new fixed version of the software is available, BPFTP Server v2.10
(note the software name change). It can be downloaded from:

http://www.bpftpserver.com/download.html

Advisory Reference:

http://www.atstake.com/research/advisories/2001/a040301-1.txt

** The advisory contains additional information. We encourage those
** affected by this issue to read the advisory.
**
** All vulnerability database maintainers should reference the above
** advisory reference URL to refer to this advisory.

Advisory policy: http://www.atstake.com/research/policy/
For more advisories: http://www.atstake.com/research/index.html
PGP Key: http://www.atstake.com/research/pgp_key.asc

Copyright 2001 @stake, Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0

iQA/AwUBOso3j1ESXwDtLdMhEQJpEQCfe+A7+6/21ENQaPKbreUQYccrQ7YAn23b
pE4oQFrFeEd8/0L3+RAxrp2c
=Ngkz
-----END PGP SIGNATURE-----
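
A server-side check of the kind both points of the Executive Summary call for, as an added example that is not part of the advisory or of the vendor's code: it confines a 'size' or 'mdtm' argument to the FTP root and refuses UNC paths before anything reaches the filesystem. The function names, the root C:\ftproot and the sample arguments are assumptions made for illustration.

```python
import ntpath  # Windows path rules as pure string operations; runs on any OS

FTP_ROOT = r"C:\ftproot"  # constructed sample root, not from the advisory


class PathRejected(Exception):
    """Raised when a client-supplied path must not be handed to the filesystem."""


def resolve_ftp_path(root, cwd, arg):
    """Map a SIZE/MDTM argument to a path under root, or raise PathRejected.

    root: server-side FTP root; cwd: the session's virtual directory ("/pub").
    """
    arg = arg.replace("/", "\\")  # Windows treats both separators alike
    # \\host\share, \\?\ and \\.\ would make Windows open a remote or device
    # resource (the outbound SMB connection from point II): refuse up front.
    if arg.startswith("\\\\"):
        raise PathRejected("UNC or device path")
    # Drive letters and NTFS stream qualifiers have no place in a virtual path.
    if ":" in arg or "\x00" in arg:
        raise PathRejected("drive, stream or NUL in path")
    # A leading separator is relative to the FTP root, anything else to cwd.
    if arg.startswith("\\"):
        base = root
    else:
        base = ntpath.join(root, cwd.replace("/", "\\").strip("\\"))
    candidate = ntpath.normpath(ntpath.join(base, arg.lstrip("\\")))
    # Compare after normalisation, case-insensitively, on a component boundary
    # so that C:\ftproot2 does not pass as being inside C:\ftproot.
    root_n = ntpath.normcase(ntpath.normpath(root))
    cand_n = ntpath.normcase(candidate)
    if cand_n != root_n and not cand_n.startswith(root_n + "\\"):
        raise PathRejected("resolves outside the FTP root")
    return candidate


def verdict(cwd, arg):
    """Return the resolved path, or 'REJECT: reason', for one argument."""
    try:
        return resolve_ftp_path(FTP_ROOT, cwd, arg)
    except PathRejected as exc:
        return "REJECT: " + str(exc)


if __name__ == "__main__":
    # Constructed sample arguments; 192.0.2.10 is a documentation address.
    for a in ("readme.txt", "../../winnt/win.ini", r"\\192.0.2.10\share\x"):
        print(a, "->", verdict("/pub", a))
```

The check is purely lexical; a server that allows symbolic links or junctions under its root would also need to resolve the final path on disk before comparing.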
