Titan FTP Server 10.32 Build 1816 - Directory Traversal Vulnerability

2014-02-11T00:00:00
ID 1337DAY-ID-21879
Type zdt
Reporter Fara Rustein
Modified 2014-02-11T00:00:00

Description

Titan FTP server version 10.32 Build 1816 suffers from multiple directory traversal vulnerabilities.

                                        
                                            "Titan FTP Server Directory Traversal Vulnerabilities"
  
******************************************************************************
  
- Affected Vendor: South River Technologies
- Affected System: Titan FTP Server software (Version 10.32 Build 1816)
- Vendor Disclosure Date: January 27th, 2014
- Public Disclosure Date: February 10h, 2014
- Vulnerabilities' Status: Fixed
  
******************************************************************************
  
Associated CVEs:
  
1) CVE-2014-1841:
   It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
  
2) CVE-2014-1842:
   It is possible to obtain the complete list of existing users by writing "/../" on the search bar.
  
3) CVE-2014-1843:
   It is possible to observe the "Properties" for an existing user home folder.
   This also allows for enumeration of existing users on the system.
  
Associated CWE:
  
  CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  http://cwe.mitre.org/data/definitions/22.html
  
******************************************************************************
  
DESCRIPTIONS
============
  
1) CVE-2014-1841:
  
   It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
    
   This is done by using the "Move" function, and replacing the "src" parameter value with the "/../<folder name of another user>" value.  
  
2) CVE-2014-1842:
  
   It is possible to obtain the complete list of existing users by writing "/../" on the search bar and hitting the "Go" button.
  
3) CVE-2014-1843:
  
   It is possible to observe the "Properties" for an existing user home folder.
    
   This also allows for enumeration of existing users on the system.
    
   This is done by using the "Properties" function, and replacing the "src" parameter value with the "/../<folder name of another user>" value.  
  
******************************************************************************
  
- Available fix:
  Titan FTP Server software (Version 10.40 Build 1829):
   + titanftp32_10_40_1829_en.exe
   + titanftp64_10_40_1829_en.exe
  
- Related Links: Deloitte Argentina - www.deloitte.com/ar
  
- Feedback:
  If you have any questions, comments, concerns, updates or suggestions please contact:
   + Fara Rustein
     [email protected] (Twitter: @fararustein)
   + Luciano Martins
     [email protected] (Twitter: @clucianomartins)
  
******************************************************************************
  
Credits:
  
CVE-2014-1841:
  1. It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
  Discovered by Fara Rustein - [email protected]
  
CVE-2014-1842:
  2. It is possible to obtain the complete list of existing users by writing "/../" on the search bar.
  Discovered by Luciano Martins - [email protected]
  
CVE-2014-1843:
  3. It is also possible to observe the "Properties" for an existing user home folder.
  This also allows for enumeration of existing users on the system.
  Discovered by Fara Rustein - [email protected]

#  0day.today [2018-01-26]  #