Baby FTP Server Information Disclosure Weakness
BID:17205
Info
Baby FTP Server Information Disclosure Weakness
| Bugtraq ID: | 17205 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 23 2006 12:00AM |
| Updated: | Mar 23 2006 09:39PM |
| Credit: | Ziv Kamir is credited with the discovery of this issue. |
| Vulnerable: |
Pablo Software Solutions Baby FTP Server 1.24 |
| Not Vulnerable: | |
Discussion
Baby FTP Server Information Disclosure Weakness
Baby FTP Server is susceptible to a remote information-disclosure weakness. This issue is due to a lack of proper sanitization of user-supplied input.
An attacker may use information obtained to launch further attacks on the affected computer.
Version 1.24 is vulnerable; other versions may also be affected.
Baby FTP Server is susceptible to a remote information-disclosure weakness. This issue is due to a lack of proper sanitization of user-supplied input.
An attacker may use information obtained to launch further attacks on the affected computer.
Version 1.24 is vulnerable; other versions may also be affected.
Exploit / POC
Baby FTP Server Information Disclosure Weakness
To exploit this issue, an attacker would use the native FTP server commands, and then check for error messages returned by the application.
To exploit this issue, an attacker would use the native FTP server commands, and then check for error messages returned by the application.
Solution / Fix
Baby FTP Server Information Disclosure Weakness
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
Baby FTP Server Information Disclosure Weakness
References:
References:
- Baby FTP Server Product Page (Pablo Software Solutions)