[NT] Bounce Vulnerability in SpoonFTP

From: support@securiteam.com
Date: 01/23/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Wed, 23 Jan 2002 22:16:04 +0100 (CET)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Bounce Vulnerability in SpoonFTP
------------------------------------------------------------------------

SUMMARY

 <http://www.pi-soft.com/spoonftp/index.shtml> SpoonFTP is an FTP server
that lets you transfer files using the File Transfer Protocol (FTP). A
security vulnerability in the product allows attackers to bounce
connections thought the FTP server, thus allowing them to attack
third-party hosts.

DETAILS

Vulnerable systems:
SpoonFTP version 1.1.0.0 and prior

Immune systems:
SpoonFTP version 1.1.0.1

The FTP server suffers from a security vulnerability that allows attackers
to launch an FTP bounce attack, even against ports lower than 1024
(normally they are restricted from access).

Vendor response:
Pi-Soft have created a new version that among other things fix this
vulnerability.

ADDITIONAL INFORMATION

The information has been provided by <mailto:arne.vidstrom@NTSECURITY.NU>
Arne Vidstrom.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NT] Microsoft Internet Explorer FTP Command Injection Vulnerability
    ... Get your security news from a reliable source. ... Microsoft Internet Explorer FTP Command Injection Vulnerability ... possibly steal data and upload malicious files to an FTP server under the ...
    (Securiteam)
  • [NEWS] 3com NBX IP Phone System Denial of Service Attack (CEL)
    ... Beyond Security would like to welcome Tiscali World Online ... It was possible to make the remote FTP server crash by issuing this ... a windows client by telneting to the NBX server on port 21 or by ... call manager located on the outside of their firewall, ...
    (Securiteam)
  • Re: Strange response from network
    ... > to guess what service generally resides at the open port it found. ... > instance, if I ran my FTP server on port 22, nmap would detect it as an ... Ethical Hacking at the InfoSec Institute. ... learn to write exploits and attack security infrastructure. ...
    (Pen-Test)
  • Re: MT Newswatcher
    ... Having MT-NW automatically fetch the file from a ftp server is similar, ... As far as security goes, you are just as responsible for maintaining the ... file only contains the names of news groups to which you are subscribed ...
    (comp.sys.mac.apps)
  • Re: VFP 9: Help with sending/receiving XML via FTP
    ... Be prepared to answer the coming questions - I have seen too many setups where security was slapped on in a hurry. ... FTP server and the risks of someone connecting with FTP client, ... Technology in itself is so used that "administration" can be handled by almost anybody - less need for admin knowledge. ...
    (microsoft.public.fox.programmer.exchange)