"Titan FTP Server Directory Traversal Vulnerabilities"
******************************************************************************
- Affected Vendor: South River Technologies
- Affected System: Titan FTP Server software (Version 10.32 Build 1816)
- Vendor Disclosure Date: January 27th, 2014
- Public Disclosure Date: February 10h, 2014
- Vulnerabilities' Status: Fixed
******************************************************************************
Associated CVEs:
1) CVE-2014-1841:
It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
2) CVE-2014-1842:
It is possible to obtain the complete list of existing users by writing "/../" on the search bar.
3) CVE-2014-1843:
It is possible to observe the "Properties" for an existing user home folder.
This also allows for enumeration of existing users on the system.
Associated CWE:
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
http://cwe.mitre.org/data/definitions/22.html
******************************************************************************
DESCRIPTIONS
============
1) CVE-2014-1841:
It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
This is done by using the "Move" function, and replacing the "src" parameter value with the "/../<folder name of another user>" value.
2) CVE-2014-1842:
It is possible to obtain the complete list of existing users by writing "/../" on the search bar and hitting the "Go" button.
3) CVE-2014-1843:
It is possible to observe the "Properties" for an existing user home folder.
This also allows for enumeration of existing users on the system.
This is done by using the "Properties" function, and replacing the "src" parameter value with the "/../<folder name of another user>" value.
******************************************************************************
- Available fix:
Titan FTP Server software (Version 10.40 Build 1829):
+ titanftp32_10_40_1829_en.exe
+ titanftp64_10_40_1829_en.exe
- Related Links: Deloitte Argentina - www.deloitte.com/ar
- Feedback:
If you have any questions, comments, concerns, updates or suggestions please contact:
+ Fara Rustein
frustein@deloitte.com (Twitter: @fararustein)
+ Luciano Martins
lmartins@deloitte.com (Twitter: @clucianomartins)
******************************************************************************
Credits:
CVE-2014-1841:
1. It is possible to copy the complete home folder of another user by leveraging a vulnerability on the Titan FTP Server Web Interface.
Discovered by Fara Rustein - frustein@deloitte.com
CVE-2014-1842:
2. It is possible to obtain the complete list of existing users by writing "/../" on the search bar.
Discovered by Luciano Martins - lmartins@deloitte.com
CVE-2014-1843:
3. It is also possible to observe the "Properties" for an existing user home folder.
This also allows for enumeration of existing users on the system.
Discovered by Fara Rustein - frustein@deloitte.com
******************************************************************************
Fara Rustein | Senior Consultant
Cyber Security - Deloitte
The key is searching. Vs nfv zphz qsui ghzf zg xhv yvzqy gj tiwap.