BugTraq
Multiple Vulnerabilities in Home Ftp Server 1.0.7 Aug 24 2005 02:59PM
Donato Ferrante (fdonato autistici org)

Donato Ferrante

Application: Home Ftp Server
http://downstairs.dnsalias.net/homeserver.html

Version: 1.0.7 b45

Bugs: Multiple Vulnerabilities

Date: 24-Aug-2005

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org [email concealed]
web: www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Home ftp server is a very easy to use Windows FTP server application
with all the nice ftp features included."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

i. Information Discolusure, the program by default stores users
information ("ftpmembers.lst") and ftp server settings
("ftpsettings.lst") into program's directory which is the default
users home directory.
Note that ftpmembers.lst and ftpsettings.lst are in clear text.
So a malicious user once logged in, can see server settings and
users info in the home directory.

ii. Directory Traversal, the program allows users to see and/or
download (if Allow download files is enabled) all the files
available on the remote system.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

www.autistici.org/fdonato/poc/HomeFtpServer107b45_MV_poc.py

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

No fix.
No reply from vendor.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus