| VID |
16051 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The PlatinumFTP server is vulnerable to multiple vulnerabilities via a dot dot(..) sequence.
The PatinumFTP server, written by BYTE/400, is a FTP server engine that runs as an application on Windows 98/NT/ME/2000 and XP. It simplifies management of all your FTP clients with regards to exchanging files over an IP connection. This server has multiple vulnerabilities, require any remote user with legitimate or anonymous access to an FTP server, due to failure to filter out ".." sequences in command request as the following:
1. "dot-dot" directory traversal vulnerability(V1.0.6 and V1.0.7 affected) :
This vulnerability arises when a remote attacker sends a 'DIR' command with "dot dot" sequence using (../) or (\..). It can allow a remote attacker to traverses directories out of the restricted directories.
DIR(LIST) ../../../../ (or ..\..\..\..\)
2. Data deletion vulnerability(only V1.0.6 affected) :
This vulnerability arises when a remote attacker sends a 'DELETE' command with malicious request using directory traversal sequence. It can allow a remote attacker to deletes arbitrary files, causes to destroy the file system.
DELETE(DELE) ..\..\..\..\boot.ini
3. Denial of Service vulnerability(V1.0.6 and V1.0.7 affected) :
This vulnerability arises when a remote attacker sends a 'CD' command with "@/.." strings. It can leads to a Denial of Service Condition where the server will use 99% on the CPU time.
CD(CWD) @/..@/..
* Note: This check solely relied on the banner of the remote FTP server to assess this vulnerability, so this might be a false positive. If you want to perform the real test by a denial of service attack, you can do it by scanning after enabling the "ftp/platinumftp/cd_cmd/dos" item in "Denial of Service Attacks" from the Policy Editor.
* Reference Sites for each vulnerability :
http://online.securityfocus.com/bid/6492
http://online.securityfocus.com/bid/6493
http://online.securityfocus.com/bid/6494
http://www.iss.net/security_center/static/10953.php
http://www.iss.net/security_center/static/10954.php
http://www.iss.net/security_center/static/10955.php
* References:
http://www.securiteam.com/windowsntfocus/5DP0D0U8UC.html
http://archives.neohapsis.com/archives/bugtraq/2002-12/att-0268/02-advisory.txt |
| Recommendation |
Upgrade to the PlatinumFTPserver (1.0.8 or later) version, available from the PlatinumFTPserver web site: http://www.platinumftp.com/platinumftpserver.php
Now the latest version, PlatinumFTPserver 1.0.9, is released on Feb. 2, 2003. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
