AlTools ALFTP Authentication Bypass And Information Disclosure Vulenrabilities
BID:21058
Info
AlTools ALFTP Authentication Bypass And Information Disclosure Vulenrabilities
| Bugtraq ID: | 21058 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Nov 16 2006 04:06PM |
| Credit: | Greg Linares <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
ALTools ALFTP 4.1 BETA1 |
| Not Vulnerable: | |
Discussion
AlTools ALFTP Authentication Bypass And Information Disclosure Vulenrabilities
The ALTOOLS ALFTP server is prone to authentication-bypass and information-disclosure vulnerabilities. These issues occur when a user submits certain commands.
Exploiting these issues could allow an attacker to gain sensitive directory information or to create directories in unauthorized locations. This could aid in further attacks.
Version 4.1 BETA1 is vulnerable; other version may also be affected.
The ALTOOLS ALFTP server is prone to authentication-bypass and information-disclosure vulnerabilities. These issues occur when a user submits certain commands.
Exploiting these issues could allow an attacker to gain sensitive directory information or to create directories in unauthorized locations. This could aid in further attacks.
Version 4.1 BETA1 is vulnerable; other version may also be affected.
Exploit / POC
AlTools ALFTP Authentication Bypass And Information Disclosure Vulenrabilities
An attacker can exploit these issues using readily available FTP client applications.
An attacker can exploit these issues using readily available FTP client applications.
Solution / Fix
AlTools ALFTP Authentication Bypass And Information Disclosure Vulenrabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
References
AlTools ALFTP Authentication Bypass And Information Disclosure Vulenrabilities
References:
References:
- ALTools Homepage (ALTools)