Hexyn / Securax Advisory #17 - Bison FTP Server Directory Traversal

Topic: Bison FTP Server Directory Traversal
Announced: 2001-02-17
Affects: Bison FTP Server version 4 Release 1

DISCLAIMER:
***********
THE ENTIRE ADVISORY HAS BEEN BASED UPON TRIAL AND ERROR RESULTS.
THEREFORE WE CANNOT ENSURE YOU THE INFORMATION BELOW IS 100% CORRECT.
THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT PRIOR NOTICE.
THIS ADVISORY HAS ONLY BEEN TESTED ON WINDOWS 98 AND ONLY ON A SMALL
COLLECTION OF TEST SERVERS, SO THE OFFERED INFORMATION MAY NOT ALWAYS
BE CORRECT.

I. Problem Description
**********************
Bison FTP Server is an FTP server for Windows 9x/NT. A bug allows any
user to change to any directory.

II. Impact
**********
When sending the command "CWD ..." (or "cd ..." in the default UNIX FTP
client), the server will go one directory up.

Example:
--------
<snip>
230 User anonymous logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /.../.../
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for /.
<directory listing of c:\>
ftp> quit
221 Bye.

III. Solution
*************
At this time, no patch is available.
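
The check a server needs before honouring a CWD argument like the one in the transcript above, as an added example (not code from the advisory or from the Bison FTP Server vendor). The names `resolve_cwd`, `PathRejected` and `is_rejected` are hypothetical, and the model of a per-session virtual directory rooted at `/` is an assumption.

```python
import re

# Clients may send either separator; Windows accepts both.
_SEP = re.compile(r"[\\/]+")


class PathRejected(ValueError):
    """The CWD argument must be refused (the server would reply 550)."""


def resolve_cwd(current, argument):
    """Return the new virtual directory, always inside the virtual root '/'.

    current  -- the session's virtual directory, e.g. '/pub'
    argument -- raw CWD argument as sent by the client
    The caller joins the result to the share root; the raw argument
    itself is never handed to the filesystem.
    """
    if "\x00" in argument or ":" in argument:
        raise PathRejected("NUL byte or drive specifier")
    absolute = argument[:1] in ("/", "\\")
    stack = [] if absolute else [p for p in current.split("/") if p]
    for raw in _SEP.split(argument):
        part = raw.rstrip(" ")      # '.. ' is handled like '..'
        if part in ("", "."):
            continue
        if part == "..":
            if stack:
                stack.pop()         # at the root, '..' stays at the root
            continue
        if part.strip(".") == "":
            # '...', '....' and longer: the pattern from the transcript
            raise PathRejected("dot-only component: %r" % raw)
        if part != part.rstrip(". "):
            raise PathRejected("trailing dot or space: %r" % raw)
        stack.append(part)
    return "/" + "/".join(stack)


def is_rejected(current, argument):
    """True if resolve_cwd refuses the argument."""
    try:
        resolve_cwd(current, argument)
    except PathRejected:
        return True
    return False
```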

IV. Credits
***********
Bug discovered by t-Omicr0n <omicr0n@themail.com>
Greets to: f0bic, The Incubus, R00T-dude, cicer0, vorlon, sentinel,
oPr, Reggie, F_F, Shaolin_p, Segfau|t, NecrOmaN, Zym0t1c, l0r3,
Preat0r, T0SH, zeroX, AreS, tips, Lacrima, GigaByte and everyone
at #securax@irc.hexyn.be
-- t-Omicr0n @ http://t-Omicr0n.hexyn.be