[NT] Directory Traversal Vulnerability in 121 WAM! Server
From: SecuriTeam (support_at_securiteam.com)
Date: 08/12/03
- Previous message: SecuriTeam: "[TOOL] HOON, an AT&T to Shellcode"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 12 Aug 2003 14:44:33 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
Get Thawte's New Step-by-Step SSL Guide for MSIIS
In this guide you will find out how to test, purchase, install
and use a Thawte Digital Certificate on your MSIIS web server.
Throughout, best practices for set-up are highlighted to help you
ensure efficient ongoing management of your encryption keys and digital
certificates. Get your copy of this new guide now:
http://ad.doubleclick.net/clk;5903126;8265119;j
- - - - - - - - -
Directory Traversal Vulnerability in 121 WAM! Server
------------------------------------------------------------------------
SUMMARY
<http://www.121software.com/121wam/server.asp> 121 WAM! Server is "a
standard FTP server for Microsoft Windows. When used in conjunction with
121 WAM! Client, it also provides your users with a complete solution to
manage their online databases including Microsoft Access, SQL Server and
MySQL. 121 WAM! makes uploading, downloading and transferring data a
simple drag and drop operation. 121 WAM! Server is the first FTP server
that supports database transfer functionality".
Due to a vulnerability in the product remote attackers can access files
that reside outside the bounding FTP root directory.
DETAILS
Vulnerable Systems:
* 121 WAM! Server 1.0.4.0 (Possibly previous versions)
Sending the command CWD .., will not change the directory. However sending
CWD /../ allows normal users to 'hop' out of the pre-defined user root
directory, and browse the entire hard drive.
ADDITIONAL INFORMATION
The information has been provided by <mailto:peter4020@hotmail.com> Peter
Winter-Smith
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[TOOL] HOON, an AT&T to Shellcode"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- RE: FTP and ISA setup
... Please follow the instruction described on the following KB to enable external clients to
access your FTP server. ... Local port: Fixed port ... Change the EnablePortAttack
value to 1. ... (microsoft.public.windows.server.sbs) - Re: Is this a 3-Leg Perimeter scenario?
... Do you mean the FTP server is hosted on the ... This newsgroup only focuses
on SBS technical issues. ... The detailed network diagram. ... (microsoft.public.windows.server.sbs) - Re: Microsoft FTP Server problem on W2K?
... client (rather than another server, as in proxy transfer), the IP address ...
port) currently in use on the control connection. ... >the remote FTP server
was, at least at a TCP level, prepared to accept the ... (microsoft.public.inetserver.iis.security) - Re: How to develop FTP Server On PPC?
... FTP server due to licensing restrictions. ... the server portions (there's no
FTP client to my knowledge on CE), ... © 2003 Microsoft Corporation. ...
(microsoft.public.windowsce.embedded.vc) - Re: Security Problem...
... This has happened before on other installations of ... I checked the IIS
web server and FTP server logs and the only IP address is ... As far as my Firewall
logs, ... (microsoft.public.security)
