Crob FTP Server Remote Information Disclosure Vulnerability
BID:9546
Info
Crob FTP Server Remote Information Disclosure Vulnerability
| Bugtraq ID: | 9546 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2004 12:00AM |
| Updated: | Feb 02 2004 12:00AM |
| Credit: | Discovery of this issue has been credited to Zero_X www.lobnan.de Team <[email protected]>. |
| Vulnerable: |
Crob Crob FTP Server 3.5.1 |
| Not Vulnerable: | |
Discussion
Crob FTP Server Remote Information Disclosure Vulnerability
A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a specially crafted request, a malevolent user may be able to gain access to files outside of the ftp root directory.
A vulnerability has been reported in the Crob FTP server, which occurs due to a lack of validation of input from the user. By issuing a specially crafted request, a malevolent user may be able to gain access to files outside of the ftp root directory.
Exploit / POC
Crob FTP Server Remote Information Disclosure Vulnerability
There are no exploits required to leverage this issue. The following proof of concept has been supplied:
You can read all directories on the system with the following command:
dir ../../../../../*
There are no exploits required to leverage this issue. The following proof of concept has been supplied:
You can read all directories on the system with the following command:
dir ../../../../../*
Solution / Fix
Crob FTP Server Remote Information Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Crob FTP Server Remote Information Disclosure Vulnerability
References:
References:
- Crob FTP Server (Crob )
- Vulnerabilities in Crob FTP Server V3.5.1 (Zero_X www.lobnan.de Team
)