WarFTPd Multiple Macro Vulnerabilities

WarFTPd ships with various macros to assist in the setup of complex FTP sites.

It is possible to call these macros remotely, some of which can be used to compromise the server. Some of these macros will give out server and operating system information, and can be used to reveal the contents of files in error messages, including the configuration files for WarFTP which can include plaintext administrator passwords.

The extent of the vulnerability differs between versions of WarFTPd:

Version 1.67b2 and prior:
Authenticated users can gain access to restricted files.

Version 1.70:
Remote attackers can gain access to any file on the system, as well as run any system command with administrative priveleges if an ODBC driver is installed. This can be done without needing to be logged into the FTP server.


Privacy Statement
Copyright 2010, SecurityFocus