[NT] EFTP Directory Content Disclosure

From: support@securiteam.com
Date: 12/28/01


From: support@securiteam.com
To: list@securiteam.com
Date: Fri, 28 Dec 2001 11:53:56 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  EFTP Directory Content Disclosure
------------------------------------------------------------------------

SUMMARY

EFTP (http://www.eftp.org/), an Encrypted File Transfer Protocol, is an
easy way to send and receive files to and from your PC while they are
seamlessly encrypted. A security vulnerability in the product allows an
attacker to view the content of directories that reside outside the bounding
FTP root.

DETAILS

Vulnerable systems:
EFTP version 2.0.8.346

Immune systems:
EFTP version 2.0.8.348

It is possible to see the contents of every drive and directory of a
vulnerable server. A valid user account is required to exploit this
vulnerability. This works both with encryption and without encryption.
Here is how it is done:
The user is logged in to his home directory (let us say d:\userdir). When
the user issues a CWD to another directory, the server returns permission
denied.

However, if he first tries changing to the "..." directory (it will change
to the directory d:\userdir\...) and then issues a CWD to "\", the
program will reply saying permission denied; however, it will successfully
change to the root directory of the current drive. So, every time we want to
see a directory's content, we first need to issue a CWD to our home
directory, then CWD ..., and then CWD directly to the desired directory
(CWD c:/ or c:/winnt etc).

Solution:
The vendor has released a fixed version (2.0.8.348) which can be obtained
from eftp's homepage:
 http://www.eftp.org/
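
For server authors, the check that the CWD sequence above gets around can be written as follows. This is an added example, not EFTP's code and not the vendor's fix; the Session class, its method names and the reply strings are hypothetical, and a real server would also confirm that the target directory exists.

```python
import ntpath  # Windows path rules, usable on any OS

class Session:
    """Hypothetical FTP session state: a fixed root and a current directory."""

    def __init__(self, root):
        self.root = ntpath.normpath(root)
        self.cwd = self.root

    def _resolve(self, arg):
        # Policy choice of this example: refuse components that Win32 would
        # silently rewrite, i.e. names ending in a dot or a space ("..."
        # included). Only "." and ".." are accepted as dot names.
        for part in arg.replace("/", "\\").split("\\"):
            if part not in ("", ".", "..") and part[-1] in ". ":
                return None
        # join() lets a rooted ("\") or drive-qualified ("c:/winnt") argument
        # replace cwd entirely, so containment is tested on the final result.
        candidate = ntpath.normpath(ntpath.join(self.cwd, arg))
        root = ntpath.normcase(self.root)
        cand = ntpath.normcase(candidate)
        if cand == root or cand.startswith(root.rstrip("\\") + "\\"):
            return candidate
        return None

    def handle_cwd(self, arg):
        target = self._resolve(arg)
        if target is None:
            return "550 Permission denied."  # session cwd is left untouched
        self.cwd = target                    # commit only after the check
        return "250 CWD command successful."
```

The point of the design is that the reply and the session state come from the same decision: a denied CWD can never leave the working directory changed.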

ADDITIONAL INFORMATION

The information has been provided by Ertan Kurt (ertank@olympos.org).
