Winsock FTPd Directory Transversal Vulnerability
BID:2005
Info
Winsock FTPd Directory Transversal Vulnerability
| Bugtraq ID: | 2005 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 27 2000 12:00AM |
| Updated: | Nov 27 2000 12:00AM |
| Credit: | This vulnerability was first reported to Bugtraq on November 27, 2000 by Interstellar Overdrive <[email protected]> |
| Vulnerable: |
Texas Imperial Software WFTPD 3.0 Pro Texas Imperial Software WFTPD 2.41 RC14 Pro Texas Imperial Software WFTPD 2.41 RC14 |
| Not Vulnerable: | |
Discussion
Winsock FTPd Directory Transversal Vulnerability
Winsock FTPd is a popular FTP server from Texas Imperial Software.
A vulnerability exists in Winsock FTPd that could allow an unauthorized user to browse the root directory of the drive where Winsock FTPd has been installed.
During install, Winsock FTPd allows the administrator to "Restrict to home directory and below" effectively creating a chroot jail for users. Upon logging in, a user can pass a the server a malformed change directory request that will allow any user (including anonymous) to browse the root directory and possibly retrieve/write files to the root directory on which Winsock FTPd resides.
Upon connecting to the Winsock FTPd server, a user could issue the command: cd ../../ This will normally result in the message "User is not allowed to ../../" and will be returned to their chroot jail directory.
If the user issues the following command: cd /../.. they will not receive the "User is not allowed to" message and will change directory to root on the drive or partition where Winsock FTPd has been installed.
If the administrator has installed Winsock FTPd on the same drive or partition that contains the operating system, a remote attacker could gain access to systems files, password files, etc. that could lead to a complete system compromise.
Winsock FTPd is a popular FTP server from Texas Imperial Software.
A vulnerability exists in Winsock FTPd that could allow an unauthorized user to browse the root directory of the drive where Winsock FTPd has been installed.
During install, Winsock FTPd allows the administrator to "Restrict to home directory and below" effectively creating a chroot jail for users. Upon logging in, a user can pass a the server a malformed change directory request that will allow any user (including anonymous) to browse the root directory and possibly retrieve/write files to the root directory on which Winsock FTPd resides.
Upon connecting to the Winsock FTPd server, a user could issue the command: cd ../../ This will normally result in the message "User is not allowed to ../../" and will be returned to their chroot jail directory.
If the user issues the following command: cd /../.. they will not receive the "User is not allowed to" message and will change directory to root on the drive or partition where Winsock FTPd has been installed.
If the administrator has installed Winsock FTPd on the same drive or partition that contains the operating system, a remote attacker could gain access to systems files, password files, etc. that could lead to a complete system compromise.
Exploit / POC
Winsock FTPd Directory Transversal Vulnerability
Please see discussion.
Please see discussion.
Solution / Fix
Winsock FTPd Directory Transversal Vulnerability
Solution:
The vendor has issued the following upgrades that fix this vulnerability:
Texas Imperial Software WFTPD 2.41 RC14 Pro
Texas Imperial Software WFTPD 2.41 RC14
Solution:
The vendor has issued the following upgrades that fix this vulnerability:
Texas Imperial Software WFTPD 2.41 RC14 Pro
-
Texas Imperial Software 32wfd241.zip
http://www.wftpd.com/downloads/32wfd241.zip
Texas Imperial Software WFTPD 2.41 RC14
-
Texas Imperial Software wftpd241.zip
http://www.wftpd.com/downloads/wftpd241.zip
References
Winsock FTPd Directory Transversal Vulnerability
References:
References:
- Texas Imperial Software Downloads (Texas Imperial Software)