[NT] Tridcomm FTP Server Directory Traversal
From: SecuriTeam (support_at_securiteam.com)
Date: 10/12/04
- Previous message: SecuriTeam: "[UNIX] HTTP Response Splitting in WordPress"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 12 Oct 2004 10:40:10 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Tridcomm FTP Server Directory Traversal
------------------------------------------------------------------------
SUMMARY
" <http://www.tridcomm.com/> TriDComm is a freeware 3D file manager and a
3D trace router for Windows."
TriDComm's built-in FTP server is vulnerable to directory traversal, which
in turn allows a remote user to view any accessible file on the system and
upload just as well.
DETAILS
Vulnerable Systems:
* TriDComm version 1.3 and prior
TriDComm comes bundled with a built-in FTP server which is disabled by
default. However, when enabled, the FTP server poses a major security
threat, as it is vulnerable to directory traversal.
Using this, an attacker is not only able to view any accessible file on
the system, by the FTP server, but also upload files to the system.
Examples:
dir ../../
dir /
get ../../windows/win.ini win.ini
put evil.exe ../../windows/calc.exe
ADDITIONAL INFORMATION
The information has been provided by <mailto:aluigi@autistici.org> Luigi
Auriemma.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[UNIX] HTTP Response Splitting in WordPress"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [EXPL] Golden FTP Server Pro Buffer Overflow (USER, Exploit)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... " Golden FTP Server is
a free Windows FTP server ... unsigned char *recvbuf; ... (Securiteam) - [NT] Home Ftp Server Multiple Vulnerabilities (Information Disclosure, Directory Traversal)
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... very easy to use Windows FTP
server application with all the nice ftp ... * Home Ftp Server version 1.0.7 b45 ...
By default the program setting files ftpmembers.lst and ftpsettings.lst ... (Securiteam) - [NT] Pablo Software Solutions FTP Server File Disclosure
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... FTP server for Windows
98/NT/XP. ... This vulnerability allows checking whether a file exists on a remote ...
Using this you can know if the remote system is Windows NT/2000/XP ... (Securiteam) - [NT] Serv-U Local Privilege Escalation Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... SYSTEM privileges using a problem
with Serv-U administration. ... The Serv-U FTP server in all its platforms has a
local administration ... arbitrary commands. ... (Securiteam) - [NT] Nexgen FTP Server Directory Traversal Vulnerability
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Nexgen FTP Server is a
full-featured FTP Server that can be easily ... The Nexgen FTP Server suffers from a directory
traversal vulnerability ... In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam)
