[NT] Yak! File Transfer Mechanism Exposes System To Compromise
From: SecuriTeam (support_at_securiteam.com)
Date: 09/16/03
To: list@securiteam.com Date: 16 Sep 2003 16:23:53 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Yak! File Transfer Mechanism Exposes System To Compromise
------------------------------------------------------------------------
SUMMARY
Yak! (http://www.digicraft.com.au/yak/) is "a text-based, chat
application for use on Microsoft Windows 32-bit local area networks. It
has a simple and easy to use interface, does not require a dedicated
server, and makes communicating across a LAN a dream. Use Yak! at home to
chat with family and friends, or in the work place to improve
productivity".
Yak! provides a file transfer mechanism that uses an FTP server to
transfer files between hosts. The FTP server uses a default username and
password that cannot be changed. These credentials can be used to access
the whole operating system on which Yak! is installed, without any
constraints.
DETAILS
Vulnerable systems:
* Yak! version 2.0.1
Yak! supports file transfers. By default, the file transfer mechanism
listens on TCP port 3535. If a connection is made to port 3535, the
following banner will appear:
" 220 ICS FTP Server ready. "
The FTP server's default username is Yak and default password is asd123.
Once they are entered via a normal FTP client, unlimited access can be
obtained to the machine where Yak! is installed.
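For defenders inventorying a LAN for this listener, the following is an added example and not part of the original advisory: it reads the greeting on TCP port 3535 and flags hosts whose banner matches the one quoted above, without sending anything or logging in. The function names, result labels and sample addresses are assumptions made for illustration.

```python
import socket

YAK_PORT = 3535                      # default file-transfer port from the advisory
YAK_BANNER_PREFIX = "220 ICS FTP Server"  # start of the banner quoted in the advisory

def classify_banner(banner):
    """Classify a service greeting; a match is a candidate, not proof of Yak!."""
    text = banner.strip()
    if text.startswith(YAK_BANNER_PREFIX):
        return "yak-candidate"
    if text.startswith("220"):
        return "other-ftp"
    return "unknown"

def probe(host, port=YAK_PORT, timeout=2.0):
    """Connect, read the greeting line, send nothing, and classify it."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:                  # refused, unreachable, or timed out
        return "closed-or-filtered"
    data = b""
    with sock:
        try:
            while b"\n" not in data and len(data) < 512:
                chunk = sock.recv(256)
                if not chunk:
                    break
                data += chunk
        except OSError:              # service accepted but never greeted
            pass
    if not data:
        return "open-no-banner"
    return classify_banner(data.decode("ascii", "replace"))

def audit(hosts, port=YAK_PORT, timeout=2.0):
    """Return {host: finding} for every host in an inventory list."""
    return {host: probe(host, port, timeout) for host in hosts}

if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range; replace with hosts you administer.
    for host, finding in audit(["192.0.2.10", "192.0.2.11"], timeout=1.0).items():
        print(host, finding)
```

Because the advisory states the credentials cannot be changed, a `yak-candidate` finding is a cue to confirm what is installed on that host and to restrict or remove the listener.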
ADDITIONAL INFORMATION
The information has been provided by bil (bil_912@coolgoose.com).