Gene6 BPFTP FTP Server User Credentials Disclosure Vulnerability

G6 FTP Server now known as BPFTP Server is an internet FTP server by Gene6

If a logged in FTP user connects to an external share and submits a malformed 'size' or 'mdtm' command, the user could force the FTP server to make an external SMB connection.

The FTP server must provide login credentials of the user the server is running under in order to make a connection to the remote host. A password hash is sent across the external connection to the host. A third party network utility could be listening for internal and external traffic and capture the password hash. The captured hash could be resolved into the username and password.


 

Privacy Statement
Copyright 2010, SecurityFocus