AOH :: HP Unsorted T :: B1A-1314.HTM

TitanFTP Server COMB directory traversal



TitanFTP Server COMB directory traversal
TitanFTP Server COMB directory traversal



Accensus Security Advisory L-01 TitanFtp Server Arbitrary File Download/Delete

Details

============
Product: TitanFTPd

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous ftp access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/ 

Found By: Bill Finlayson

http://www.accensussecurity.com 

Affected: Versions 8.10.1125 and likely previous

Issue:  the comb command is susceptible to a directory traversal attack which will allow downloading of arbitrary files on the server and deletion of arbitrary files on the server

Details: quote comb a ..//..//..//..//b
puts contents of 'b' in the file in the users home directory called 'a' and then deletes file b

Status: Submitted to Vendor 6/14/10 fixed 6/15/10

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.