Gene6 FTP Server Remote Default Install Code Execution Vulnerability
BID:12739
Info
| Bugtraq ID: | 12739 |
| Class: | Configuration Error |
| CVE: | CVE-2005-0690 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2005 12:00AM |
| Updated: | Sep 17 2007 05:20PM |
| Credit: | Sowhat <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: | Gene6 G6 FTP Server 3.4; Gene6 G6 FTP Server 3.3.1; Gene6 G6 FTP Server 3.3; Gene6 G6 FTP Server 3.2; Gene6 G6 FTP Server 3.1; Gene6 G6 FTP Server 3.0.2; Gene6 G6 FTP Server 3.0.1; Gene6 G6 FTP Server 3.0; Gene6 G6 FTP Server 2.0 |
| Not Vulnerable: | |
Discussion
A remote code-execution vulnerability reportedly affects Gene6 FTP Server because of a configuration error that fails to secure critical functionality from default users.
An attacker who can authenticate to the affected FTP server can execute arbitrary code with SYSTEM privileges; this will facilitate privilege escalation.
Exploit / POC
No exploit is required to leverage this issue.
Solution / Fix
Solution:
The vendor has released the following configuration details that will resolve this issue:
- Create a new administrator account
- In Administration / Properties, uncheck Options / Allow all access to localhost.
Do not forget to adjust the 'local machine' properties to use the new administration account.
NOTE: The installer for the next release of the affected application will include a fix for this issue.