NetKit FTP Server ChDir Information Disclosure Vulnerability
BID:21000
| Bugtraq ID: | 21000 |
| Class: | Design Error |
| CVE: | CVE-2006-5778 |
| Remote: | No |
| Local: | Yes |
| Published: | Nov 10 2006 12:00AM |
| Updated: | Feb 13 2007 10:27PM |
| Credit: | Paul Szabo is credited with the discovery of this issue. |
| Vulnerable: | Netkit Linux Netkit 0.17; Netkit Linux Netkit 0.16; Netkit Linux Netkit 0.15; Netkit Linux Netkit 0.14; Netkit Linux Netkit 0.12; Netkit Linux Netkit 0.11; Netkit Linux Netkit 0.10; Netkit Linux Netkit 0.9; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
Netkit FTP Server ('ftpd') is prone to an information-disclosure vulnerability due to a design error.
A local attacker could exploit this issue to bypass access restrictions and gain access to the root directory of the FTP server. Directory information gained may aid in further attacks.
Netkit FTP Server 0.17 and prior versions are affected.
Exploit / POC
A local attacker can exploit this issue by creating a home directory in such a way that it is inaccessible to the affected application.
Solution / Fix
Solution:
Please see the referenced advisories for more information.
Netkit Linux Netkit 0.17
- Cuyahoga ftpd_0.17-20sarge2_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_alpha.deb
- Cuyahoga ftpd_0.17-20sarge2_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_amd64.deb
- Cuyahoga ftpd_0.17-20sarge2_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_arm.deb
- Cuyahoga ftpd_0.17-20sarge2_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_hppa.deb
- Cuyahoga ftpd_0.17-20sarge2_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_i386.deb
- Cuyahoga ftpd_0.17-20sarge2_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_ia64.deb
- Cuyahoga ftpd_0.17-20sarge2_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_m68k.deb
- Cuyahoga ftpd_0.17-20sarge2_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_mips.deb
- Cuyahoga ftpd_0.17-20sarge2_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_mipsel.deb
- Cuyahoga ftpd_0.17-20sarge2_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_powerpc.deb
- Cuyahoga ftpd_0.17-20sarge2_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_sparc.deb
- Cuyahoga linux-ftpd/ftpd_0.17-20sarge2_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/l/linux-ftpd/ftpd_0.17-20sarge2_s390.deb