Winsock FTPd Directory Transversal Vulnerability

Winsock FTPd is a popular FTP server from Texas Imperial Software.

A vulnerability exists in Winsock FTPd that could allow an unauthorized user to browse the root directory of the drive where Winsock FTPd has been installed.

During install, Winsock FTPd allows the administrator to "Restrict to home directory and below" effectively creating a chroot jail for users. Upon logging in, a user can pass a the server a malformed change directory request that will allow any user (including anonymous) to browse the root directory and possibly retrieve/write files to the root directory on which Winsock FTPd resides.

Upon connecting to the Winsock FTPd server, a user could issue the command: cd ../../ This will normally result in the message "User is not allowed to ../../" and will be returned to their chroot jail directory.

If the user issues the following command: cd /../.. they will not receive the "User is not allowed to" message and will change directory to root on the drive or partition where Winsock FTPd has been installed.

If the administrator has installed Winsock FTPd on the same drive or partition that contains the operating system, a remote attacker could gain access to systems files, password files, etc. that could lead to a complete system compromise.


 

Privacy Statement
Copyright 2010, SecurityFocus