[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TitanFTP Server COMB directory traversal

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: TitanFTP Server COMB directory traversal
From: bill@xxxxxxxxxxxxxxxxxxxx
Date: Thu, 17 Jun 2010 13:56:21 -0600

Accensus Security Advisory L-01 TitanFtp Server Arbitrary File Download/Delete

Details

=============

Product: TitanFTPd

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous ftp access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/

Found By: Bill Finlayson

http://www.accensussecurity.com

Affected: Versions 8.10.1125 and likely previous

Issue:  the comb command is susceptible to a directory traversal attack which 
will allow downloading of arbitrary files on the server and deletion of 
arbitrary files on the server

Details: quote comb a ..//..//..//..//b
puts contents of 'b' in the file in the users home directory called 'a' and 
then deletes file b

Status: Submitted to Vendor 6/14/10 fixed 6/15/10

Prev by Date: [SECURITY] [DSA 2063-1] New pmount packages fix denial of service
Next by Date: [security bulletin] HPSBUX02543 SSRT100152 rev.1 - HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access,
Previous by thread: [SECURITY] [DSA 2063-1] New pmount packages fix denial of service
Next by thread: [security bulletin] HPSBUX02543 SSRT100152 rev.1 - HP-UX Running Apache with PHP, Remote Denial of Service (DoS), Unauthorized Access,
Index(es):
- Date
- Thread