| VID | 16043 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description |
The Transsoft Broker FTP daemon allows a remote attacker to traverse outside the restricted directory by uploading a .lnk file. Transsoft Broker FTP is an FTP server for the Windows platform. Some versions of Transsoft Broker FTP contain a directory traversal vulnerability. The vulnerability arises when a remote attacker creates .lnk files (shortcuts) that point to any file or directory and uploads them to the server through the FTP service. A writable directory on the server is required for uploading the .lnk files. If a link points to a file or directory, the remote attacker gains the same access to that file or directory, so it is effectively no longer secured. Some servers, however, prevent the upload of files with the .lnk extension. To bypass this, a remote attacker appends a '.' to the .lnk filename and uploads the file as follows:
PUT local.lnk remote.lnk.
By accessing these .lnk files, which act as shortcuts to otherwise protected files and directories, a remote attacker can gain unrestricted access to significant system files and directories on the server.
* Platforms Affected: TransSoft Broker FTP Server 3.0 Any Version; TransSoft Broker FTP Server 4.0/5.0/5.1; TransSoft Broker FTP Server 4.7.5.0; TransSoft Broker FTP Server 5.7/5.7.5; TransSoft Broker FTP Server 5.9.5.0
* References: http://online.securityfocus.com/bid/2960 ; http://www.iss.net/security_center/static/6760.php |
| Recommendation | No remedy available as of Jan. 2003. Contact your vendor for patch or upgrade information. |
| Related URL | CVE-2001-1042 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |
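
The trailing-dot bypass in the description works because Win32 drops trailing dots from the final path component when it creates the file, so a filter that inspects the raw name and the filesystem disagree about the extension. The following is an added example, not code from the advisory or from Transsoft: it assumes the server's filter matched the raw suffix, all function and sample names are hypothetical, and the trailing-space handling generalizes beyond the case on the page.

```python
import ntpath

BLOCKED_EXTENSIONS = {".lnk"}  # the extension the advisory says some servers reject


def naive_is_blocked(name: str) -> bool:
    """Assumed weak filter: looks only at the suffix of the name as sent."""
    return name.lower().endswith(tuple(BLOCKED_EXTENSIONS))


def win32_effective_name(name: str) -> str:
    """Return the file name Win32 will actually create for `name`.

    Win32 path normalization removes trailing dots and spaces from the
    final component, so 'remote.lnk.' is stored as 'remote.lnk'.
    """
    return ntpath.basename(name).rstrip(". ")


def hardened_is_blocked(name: str) -> bool:
    """Check the extension of the name the filesystem will really use."""
    effective = win32_effective_name(name)
    if not effective:  # nothing left after normalization: refuse the upload
        return True
    return ntpath.splitext(effective)[1].lower() in BLOCKED_EXTENSIONS


def filter_gaps(names):
    """Names the naive filter accepts but the hardened filter rejects."""
    return [n for n in names
            if not naive_is_blocked(n) and hardened_is_blocked(n)]


# Constructed upload targets (not taken from any real server log).
SAMPLE_UPLOADS = [
    "remote.lnk",       # rejected by both filters
    "remote.lnk.",      # the form shown in the advisory
    "pub/notes.txt",    # ordinary file, accepted by both
    "REMOTE.LNK. ",     # case and trailing-space variation
    "readme.lnk.txt",   # real extension is .txt, accepted by both
]

if __name__ == "__main__":
    for name in SAMPLE_UPLOADS:
        print(f"{name!r:18} naive={naive_is_blocked(name)!s:5} "
              f"hardened={hardened_is_blocked(name)}")
```

The same normalization is worth applying when reviewing FTP transfer logs, since a stored `.lnk` file will appear there under its dotted upload name.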