ID: SECURITYVULNS:DOC:2267
Type: securityvulns
Reporter: Securityvulns
Modified: 2001-12-14T00:00:00
Description
There exists a vulnerability in EFTP 2.0.8.346
Vendor notified: 12/12/2001
Vendor reply/fix: 12/12/2001
Vendor Homepage: http://www.eftp.org/
Platforms tested:
Windows NT 4 / SP6
Windows 2000 / SP2
Windows XP
----------=[ Program info ]=----------
From vendor homepage:
"Encrypted File Transfer Protocol™ release 2 is the fast, easy way to
send and receive files to and from your PC. With data transfer rates
literally unaffected by real time encryption mode, the perfect
solution for total security. Compatible with most other Server or
Client based applications in standard 'non encrypted' mode."
----------=[ Vulnerability information ]=----------
It is possible to see the contents of every drive and directory of a
vulnerable server.
A valid user account is required to exploit this vulnerability.
It works both with and without encryption.
Here's how it's done:
The user is logged in to his home directory (let's say d:\userdir).
When the user issues a CWD to another directory, the server returns
permission denied.
But after first changing directory to "..." (it will chdir to
d:\userdir\...), issuing a CWD to "\" will say permission denied, yet it
will successfully change to the root directory of the current drive.
Every time we want to see a directory's contents, we first CWD to our
home directory, then CWD ..., and then CWD directly to the desired
directory (CWD c:/ or c:/winnt etc).
So it is possible to see directory contents, but I did not test to see
if there is a possible way to get/put files.
----------=[ Solution ]=----------
Vendor released a fixed version (2.0.8.348) which can be obtained from
vendor's homepage:
http://www.eftp.org/
Best Regards & Happy Xmas
Ertan Kurt
Ertan Kurt
Olympos Security
www.olympos.org
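
Added example (not part of the original advisory and not the vendor's fix): a sketch of how a server can confine CWD to the user's home directory and leave the session state unchanged whenever it answers "permission denied", which is the behaviour the advisory shows was missing. The class name JailedSession, the home path and the policy of rejecting dot-only names are assumptions made for illustration.

```python
import ntpath  # Windows path semantics, usable on any host OS


class JailedSession:
    """Hypothetical FTP session state: working directory confined to home."""

    def __init__(self, home):
        self.home = ntpath.normcase(ntpath.normpath(home))
        self.cwd = self.home

    def _resolve(self, arg):
        # Assumed policy: refuse components made only of three or more dots.
        # Win32 strips trailing dots from names, so "..." cannot be relied
        # on to stay a literal directory name once it reaches the OS.
        for part in arg.replace("/", "\\").split("\\"):
            if len(part) > 2 and set(part) == {"."}:
                return None
        # ntpath.join drops self.cwd when arg is rooted ("\") or carries a
        # drive ("c:/winnt"), so absolute requests are checked like any other.
        candidate = ntpath.normcase(ntpath.normpath(ntpath.join(self.cwd, arg)))
        try:
            inside = ntpath.commonpath([self.home, candidate]) == self.home
        except ValueError:  # different drive, or drive-relative path
            inside = False
        return candidate if inside else None

    def handle_cwd(self, arg):
        target = self._resolve(arg)
        if target is None:
            return "550 Permission denied."  # self.cwd is left untouched
        self.cwd = target                    # commit only after the check
        return "250 CWD command successful."


if __name__ == "__main__":
    # Constructed session replaying the CWD arguments named in the advisory.
    s = JailedSession("d:\\userdir")
    for arg in ["...", "\\", "c:/winnt", "docs", "..\\.."]:
        print(f"CWD {arg!r:12} -> {s.handle_cwd(arg)}  (cwd={s.cwd})")
```

The containment test compares whole path components, so a sibling such as d:\userdir2 is not mistaken for a child of d:\userdir.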