Titan FTP Server 10.32 Build 1816 Directory Traversals

2014.02.11
Credit: Fara Rustein
Risk: High
Local: No
Remote: Yes
CVE: CVE-2014-1841 | CVE-2014-1842 | CVE-2014-1843
CWE: CWE-22

"Titan FTP Server Directory Traversal Vulnerabilities" ****************************************************************************** - Affected Vendor: South River Technologies - Affected System: Titan FTP Server software (Version 10.32 Build 1816) - Vendor Disclosure Date: January 27th, 2014 - Public Disclosure Date: February 10h, 2014 - Vulnerabilities' Status: Fixed ****************************************************************************** Associated CVEs: 1) CVE-2014-1841: It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface. 2) CVE-2014-1842: It is possible to obtain the complete list of existing users by writing "/../" on the search bar. 3) CVE-2014-1843: It is possible to observe the "Properties" for an existing user home folder. This also allows for enumeration of existing users on the system. Associated CWE: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') http://cwe.mitre.org/data/definitions/22.html ****************************************************************************** DESCRIPTIONS ============ 1) CVE-2014-1841: It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface. This is done by using the "Move" function, and replacing the "src" parameter value with the "/../<folder name of another user>" value. 2) CVE-2014-1842: It is possible to obtain the complete list of existing users by writing "/../" on the search bar and hitting the "Go" button. 3) CVE-2014-1843: It is possible to observe the "Properties" for an existing user home folder. This also allows for enumeration of existing users on the system. This is done by using the "Properties" function, and replacing the "src" parameter value with the "/../<folder name of another user>" value. ****************************************************************************** - Available fix: Titan FTP Server software (Version 10.40 Build 1829): + titanftp32_10_40_1829_en.exe + titanftp64_10_40_1829_en.exe - Related Links: Deloitte Argentina - www.deloitte.com/ar - Feedback: If you have any questions, comments, concerns, updates or suggestions please contact: + Fara Rustein frustein@deloitte.com (Twitter: @fararustein) + Luciano Martins lmartins@deloitte.com (Twitter: @clucianomartins) ****************************************************************************** Credits: CVE-2014-1841: 1. It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface. Discovered by Fara Rustein - frustein@deloitte.com CVE-2014-1842: 2. It is possible to obtain the complete list of existing users by writing "/../" on the search bar. Discovered by Luciano Martins - lmartins@deloitte.com CVE-2014-1843: 3. It is also possible to observe the "Properties" for an existing user home folder. This also allows for enumeration of existing users on the system. Discovered by Fara Rustein - frustein@deloitte.com ****************************************************************************** Fara Rustein | Senior Consultant Cyber Security - Deloitte The key is searching. Vs nfv zphz qsui ghzf zg xhv yvzqy gj tiwap.


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top