Home page logo
/

bugtraq logo Bugtraq mailing list archives

TitanFTP Server COMB directory traversal
From: bill () accensussecurity com
Date: Thu, 17 Jun 2010 13:56:21 -0600

Accensus Security Advisory L-01 TitanFtp Server Arbitrary File Download/Delete

Details

=============

Product: TitanFTPd

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous ftp access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/

Found By: Bill Finlayson

http://www.accensussecurity.com

Affected: Versions 8.10.1125 and likely previous

Issue:  the comb command is susceptible to a directory traversal attack which will allow downloading of arbitrary files 
on the server and deletion of arbitrary files on the server

Details: quote comb a ..//..//..//..//b
puts contents of 'b' in the file in the users home directory called 'a' and then deletes file b

Status: Submitted to Vendor 6/14/10 fixed 6/15/10


  By Date           By Thread  

Current thread:
  • TitanFTP Server COMB directory traversal bill (Jun 17)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]