Re: KunaniFTP-Server v.1.0.10 allows dictionary traversal

From: Alun Jones (alun@texis.com)
Date: 12/11/02

Next message: UkR security team™: "MTPSR1-120 Firewall Proxy configuration software"

Previous message: luca.ercoli@inwind.it: "Enceladus Server Suite traversal directory vulnerability"
In reply to: Zero-X www.lobnan.de Team: "KunaniFTP-Server v.1.0.10 allows dictionary traversal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 10 Dec 2002 20:04:21 -0600
To: "Zero-X www.lobnan.de Team" <zero-x@linuxmail.org>
From: Alun Jones <alun@texis.com>

At 04:23 PM 12/10/2002, Zero-X www.lobnan.de Team wrote:
>Ftp> get ..\..\..\..\..\boot.ini
>200 PORT command successful
>150 Opening ASCII mode data connection for /bin/ls.

I think an FTP server that's told to "get" a file, and returns that it's
opening a connection for "/bin/ls" (i.e. making a listing) likely has some
maturation ahead of it. Is this really what the server says, or is this
bad cutting-and-pasting from the true session?

Alun.
~~~~

--
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.

Next message: UkR security team™: "MTPSR1-120 Firewall Proxy configuration software"
Previous message: luca.ercoli@inwind.it: "Enceladus Server Suite traversal directory vulnerability"
In reply to: Zero-X www.lobnan.de Team: "KunaniFTP-Server v.1.0.10 allows dictionary traversal"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[NT] GuildFTPd Remote DoS (LPT1)
... GuildFTPd is a small FTP server. ... 150 Opening ascii mode data connection for /lpt1. ... The information in this bulletin is provided "AS IS" without warranty of any kind. ... In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages. ...
(Securiteam)
Re: The pkg_add/ftp/fetch pain
... I use an OpenBSD4.0 and vsftpd on a FreeBSD6.2. ... I just would like to update some packages as I recently upgraded from 3.9. ... 150 Opening BINARY mode data connection for bzip2-1.0.4.tgz. ... If you can point PKG_PATH at some other ftp server and it works, then I think this ftp server is not happy, or the firewall is contributing to the problem. ...
(comp.unix.bsd.openbsd.misc)
Re: FTP
... >services and i want to prevent people from uploading ... or using a third-party FTP server such as our own ... WFTPD Pro, ... Texas Imperial Software | Try WFTPD, the Windows FTP Server. ...
(microsoft.public.inetserver.iis.security)
Re: Undeletable Folders On My FTP Server
... >these folders on my windows 2000 ftp server that I cannot delete. ... listing the files in a Command-Prompt window by the "DIR /X" command. ... Fax/Voice +1258-9858 | read details of WFTPD Pro for NT. ...
(comp.security.misc)
Re: FTP Server ;;TAGGED;; How to clean it HELP
... Is the FTP server still running? ... Is there a chance that someone has those ... Cedar Park TX 78613-1419 | VISA/MC accepted. ... Fax/Voice +1258-9858 | read details of WFTPD Pro for XP/2000/NT. ...
(microsoft.public.inetserver.iis.security)