Broker FTP Directory Permissions Vulnerability
BID:1996
Info
Broker FTP Directory Permissions Vulnerability
| Bugtraq ID: | 1996 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 21 2000 12:00AM |
| Updated: | Nov 21 2000 12:00AM |
| Credit: | This vulnerability was first reported to Bugtraq on November 21, 2000 by Astral <[email protected]> |
| Vulnerable: |
TransSoft Broker FTP Server 4.7 .5.0 |
| Not Vulnerable: | |
Discussion
Broker FTP Directory Permissions Vulnerability
Broker FTP is a FTP Server package for Windows NT/2000 and Windows 95/98 from TransSoft.
Multiple vulnerabilities exist in Broker FTP Server that could allow a remote attacker to browse root directories and possibly retrieve account names and passwords.
During a default install, Broker FTP asks the user to create a FTP directory for the server, e.g.: d:\FTP. Once installation is complete, any user, including anonymous, can connect to the service and browse the entire drive in which Broker FTP has been installed.
A second vulnerability exists in Broker FTP whereby a remote attacker could gain access to usernames, passwords and account information. If the root directory of the Broker FTP is the same as the install location, an unauthorized user could browse directories until locating the %%WinDir%%\BrokerProfiles.Dat file. Accounts and user information (including user rights) are stored within this file in clear text and easily retrievable.
It is unknown at this time whether any or all users have write access to the root directory or any other directory other than their own.
Broker FTP is a FTP Server package for Windows NT/2000 and Windows 95/98 from TransSoft.
Multiple vulnerabilities exist in Broker FTP Server that could allow a remote attacker to browse root directories and possibly retrieve account names and passwords.
During a default install, Broker FTP asks the user to create a FTP directory for the server, e.g.: d:\FTP. Once installation is complete, any user, including anonymous, can connect to the service and browse the entire drive in which Broker FTP has been installed.
A second vulnerability exists in Broker FTP whereby a remote attacker could gain access to usernames, passwords and account information. If the root directory of the Broker FTP is the same as the install location, an unauthorized user could browse directories until locating the %%WinDir%%\BrokerProfiles.Dat file. Accounts and user information (including user rights) are stored within this file in clear text and easily retrievable.
It is unknown at this time whether any or all users have write access to the root directory or any other directory other than their own.
Solution / Fix
Broker FTP Directory Permissions Vulnerability
Solution:
The vendor has released the following upgrades that fixes both vulnerabilities.
TransSoft Broker FTP Server 4.7 .5.0
Solution:
The vendor has released the following upgrades that fixes both vulnerabilities.
TransSoft Broker FTP Server 4.7 .5.0
-
TransSoft broker40b.exe
http://www.transsoft.com/broker/updates/broker40b.exe -
TransSoft broker40nt.exe
http://www.transsoft.com/broker/updates/broker40nt.exe
References
Broker FTP Directory Permissions Vulnerability
References:
References: