| VID |
16042 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The WFTPD daemon allows a remote attacker to traverse outside the restricted directory by uploading a .lnk file. WFTPD is a popular FTP server for Windows NT/2000/XP. Some versions of WFTPD contain a directory traversal vulnerability: a remote attacker creates .lnk files (Windows shortcuts) that point to arbitrary files or directories and uploads them to the server through the FTP service. The only precondition is a directory on the server to which the attacker can write. Once a shortcut is in place, the attacker gets the same access to its target as to the shortcut itself, so the target file or directory is no longer protected by the server's directory restriction. Some servers refuse uploads whose name ends in .lnk. To bypass such a filter, the attacker appends a '.' to the file name and uploads it as follows:
PUT local.lnk remote.lnk.
Windows drops the trailing dot when it creates the file, so the upload lands on disk as remote.lnk. By accessing these shortcuts, which point to otherwise protected files and directories, the attacker can reach sensitive system files and directories without restriction.
* Platforms Affected: WFTPD 2.4.1 (any version), WFTPD 2.4.1 Pro (any version), WFTPD 3.0 (any version), WFTPD 3.0 Pro (any version)
* References: http://online.securityfocus.com/bid/2957 http://www.iss.net/security_center/static/6760.php |
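The trailing-dot trick works because Windows strips trailing dots and spaces from a file name when it creates the file, so a filter that tests the literal upload name sees "remote.lnk." and passes it while the file lands on disk as remote.lnk. The Python below is an added example, not WFTPD's code or the vendor's fix: it puts that literal check beside one that normalises the name the way Windows will before testing the extension, and reuses the normalisation to flag suspicious STOR commands in an FTP command log. The function names, the log format and the sample log lines are constructed for this example.

```python
"""Upload-name filter for .lnk files on a Windows-hosted FTP server.

Added example, not WFTPD code and not the vendor's fix. It contrasts the
literal extension check the advisory says some servers used (which the
trailing-dot trick defeats) with a check that first normalises the name
the way Win32 will when the file is created: trailing dots and spaces are
dropped and the comparison is case-insensitive. The function names, the
log format and the sample STOR lines are constructed for this example.
"""
import re

BLOCKED_EXTENSIONS = (".lnk",)


def naive_blocks(upload_name: str) -> bool:
    """Literal suffix test on the name as uploaded. 'remote.lnk.' slips through."""
    return upload_name.endswith(BLOCKED_EXTENSIONS)


def win32_final_name(upload_name: str) -> str:
    """Model of the name Win32 will actually create for the last path component.

    Trailing dots and spaces are stripped, and the name is lower-cased because
    Windows file names compare case-insensitively. This is a deliberately small
    model for the example, not a full Win32 path normaliser.
    """
    component = upload_name.replace("/", "\\").rsplit("\\", 1)[-1]
    return component.rstrip(". ").lower()


def hardened_blocks(upload_name: str) -> bool:
    """Test the extension on the on-disk name rather than on the literal argument."""
    return win32_final_name(upload_name).endswith(BLOCKED_EXTENSIONS)


# Detection side: scan an FTP command log for STOR arguments that would land
# on disk as a .lnk. The log format here is constructed, not WFTPD's own.
STOR_RE = re.compile(r"\bSTOR\s+(?P<name>\S.*)$")


def find_lnk_uploads(log_lines):
    """Return the STOR arguments that the hardened filter would have rejected."""
    hits = []
    for line in log_lines:
        match = STOR_RE.search(line)
        if match and hardened_blocks(match.group("name")):
            hits.append(match.group("name"))
    return hits


SAMPLE_LOG = [  # constructed sample lines, not a real WFTPD log
    "2001-07-09 10:21:03 192.0.2.10 STOR readme.txt",
    "2001-07-09 10:21:09 192.0.2.10 STOR remote.lnk",
    "2001-07-09 10:21:15 192.0.2.10 STOR remote.lnk.",
    "2001-07-09 10:21:20 192.0.2.10 STOR incoming/Boot.LNK..",
    "2001-07-09 10:21:27 192.0.2.10 RETR remote.lnk.",
]


if __name__ == "__main__":
    for name in ("remote.lnk", "remote.lnk.", "Remote.LNK .", "notes.txt"):
        print(f"{name!r:16} naive={naive_blocks(name)!s:5} hardened={hardened_blocks(name)}")
    print("suspicious STORs:", find_lnk_uploads(SAMPLE_LOG))
```

The design point is that any name-based filter on a Windows host has to be applied to the name the filesystem will create, not to the bytes the client sent; the same reasoning applies to trailing spaces and to case, which is why the normaliser handles both rather than only the single dot the advisory mentions.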
| Recommendation |
Upgrade to WFTPD 3.10R1 or later, or WFTPD Pro 3.10R1 or later, available from Texas Imperial Software's home page: http://www.wftpd.com/downloads.htm. The latest version, WFTPD Pro 3.20 Release 2, was released on October 17, 2002. |
| Related URL |
CVE-2001-1386 (CVE) |
| Related URL |
http://online.securityfocus.com/bid/2957 (SecurityFocus) |
| Related URL |
http://www.iss.net/security_center/static/6760.php (ISS) |