Microsoft Texas Imperial Software WFTPD 3.0Pro Vulnerability
CIAC INFORMATION BULLETIN
L-024: Microsoft Texas Imperial Software WFTPD 3.0Pro Vulnerability
December 4, 2000 18:00 GMT
PROBLEM: Administrator user control option is flawed and could allow
root access, through a malformed command.
PLATFORM: Texas Imperial Software WFTPD 3.0Pro
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
- Microsoft Windows NT 2000
Texas Imperial Software WFTPD 2.41RC14 Pro
- Microsoft Windows 3.11WfW
- Microsoft Windows 3.1
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
- Microsoft Windows NT 2000
Texas Imperial Software WFTPD 2.41RC14
- Microsoft Windows 3.11WfW
- Microsoft Windows 3.1
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
- Microsoft Windows NT 2000
DAMAGE: A remote attacker could compromise the system if Winsock FTPd
has been installed on the same partition/drive as root.
SOLUTION: Apply the upgrades as specified.
VULNERABILITY ASSESSMENT: The risk is HIGH. The vulnerability has been
publicly announced.
[****** Begin SecurityFocus Advisory ******]
bugtraq id 2005
class Access Validation Error
cve GENERIC-MAP-NOMATCH
remote Yes
local Yes
published November 27, 2000
updated November 29, 2000
vulnerable Texas Imperial Software WFTPD 3.0Pro
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
- Microsoft Windows NT 2000
Texas Imperial Software WFTPD 2.41RC14 Pro
- Microsoft Windows 3.11WfW
- Microsoft Windows 3.1
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
- Microsoft Windows NT 2000
Texas Imperial Software WFTPD 2.41RC14
- Microsoft Windows 3.11WfW
- Microsoft Windows 3.1
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows NT 4.0
- Microsoft Windows NT 3.5
- Microsoft Windows NT 2000
Winsock FTPd is a popular FTP server from Texas Imperial Software.
A vulnerability exists in Winsock FTPd that could allow an unauthorized user to
browse the root directory of the drive where Winsock FTPd has been installed.
During install, Winsock FTPd allows the administrator to "Restrict to home
directory and below" effectively creating a chroot jail for users. Upon logging
in, a user can pass the server a malformed change directory request that will
allow any user (including anonymous) to browse the root directory and possibly
retrieve/write files to the root directory on which Winsock FTPd resides.
Upon connecting to the Winsock FTPd server, a user could issue the command:
cd ../../
This will normally result in the message "User is not allowed to ../../"
and will be returned to their chroot jail directory.
If the user issues the following command:
cd /../..
they will not receive the "User is not allowed to" message and will change
directory to root on the drive or partition where Winsock FTPd has been
installed.
If the administrator has installed Winsock FTPd on the same drive or partition
that contains the operating system, a remote attacker could gain access to
system files, password files, etc. that could lead to a complete system
compromise.
The vendor has issued the following upgrades that fix this
vulnerability:
Texas Imperial Software WFTPD 3.0Pro:
Texas Imperial Software upgrade protr300.zip
http://www.wftpd.com/downloads/protr300.zip
Texas Imperial Software WFTPD 2.41RC14 Pro:
Texas Imperial Software upgrade 32wfd241.zip
http://www.wftpd.com/downloads/32wfd241.zip
Texas Imperial Software WFTPD 2.41RC14:
Texas Imperial Software upgrade wftpd241.zip
http://www.wftpd.com/downloads/wftpd241.zip
credit
This vulnerability was first reported to Bugtraq on November 27, 2000 by
Interstellar Overdrive
reference
message: Vulnerability in Winsock FTPD 2.41/3.00 (Pro)
(Interstellar Overdrive)
web page: Texas Imperial Software Downloads
(Texas Imperial Software)
http://www.securityfocus.com/bid/2005
Copyright (c) 1999-2000 SecurityFocus.com
[****** End SecurityFocus Advisory ******]
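The "Restrict to home directory and below" check described in the advisory above, as an added example (not code from CIAC, SecurityFocus or Texas Imperial Software): it sets a filter that inspects only how the argument begins beside a resolver that canonicalizes the whole path before deciding. naive_check is a hypothetical filter constructed to reproduce the two server responses quoted in the advisory, not WFTPD's actual logic; resolve, allowed and JailEscape are illustrative names, and the backslash handling goes slightly beyond the advisory's two commands.

```python
# Added example: models the jail check as pure path logic (no filesystem access).
import re


class JailEscape(Exception):
    """Raised when a CWD argument would climb above the user's home directory."""


def naive_check(arg):
    # Hypothetical flawed filter (assumption, not WFTPD's code): it looks only
    # at the start of the argument, so a leading "/" hides the ".." behind it.
    return not arg.startswith("..")


def resolve(cwd, arg):
    """Return the canonical virtual path for a CWD argument.

    cwd and the result are virtual paths in which "/" is the home directory.
    """
    # A Windows server accepts both separators, so split on either one.
    parts = [p for p in re.split(r"[\\/]+", arg) if p not in ("", ".")]
    absolute = arg[:1] in ("/", "\\")
    stack = [] if absolute else [p for p in cwd.split("/") if p]
    for part in parts:
        if part == "..":
            if not stack:
                raise JailEscape(arg)  # one level above the home directory
            stack.pop()
        else:
            stack.append(part)
    return "/" + "/".join(stack)


def allowed(cwd, arg):
    try:
        resolve(cwd, arg)
        return True
    except JailEscape:
        return False


# Constructed sample arguments; the first two are the commands in the advisory.
SAMPLES = ["../../", "/../..", "\\..\\..", "pub/../incoming", "/pub/./docs/.."]


def compare(cwd="/"):
    return [(arg, naive_check(arg), allowed(cwd, arg)) for arg in SAMPLES]


if __name__ == "__main__":
    for arg, naive, hardened in compare():
        print(f"{arg!r:20} naive={naive!s:5} hardened={hardened}")
```

A real server would additionally map the canonical virtual path onto the home directory and confirm that the resulting filesystem path still lies under it.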
CIAC wishes to acknowledge the contributions of SecurityFocus for the
information contained in this bulletin.
CIAC services are available to DOE, DOE Contractors, and the NIH. CIAC
can be contacted at:
Voice: +1 925-422-8193 (7 x 24)
FAX: +1 925-423-8002
STU-III: +1 925-423-2604
E-mail: ciac@llnl.gov
World Wide Web: http://www.ciac.org/
http://ciac.llnl.gov
(same machine -- either one will work)
Anonymous FTP: ftp.ciac.org
ciac.llnl.gov
(same machine -- either one will work)
This document was prepared as an account of work sponsored by an
agency of the United States Government. Neither the United States
Government nor the University of California nor any of their
employees, makes any warranty, express or implied, or assumes any
legal liability or responsibility for the accuracy, completeness, or
usefulness of any information, apparatus, product, or process
disclosed, or represents that its use would not infringe privately
owned rights. Reference herein to any specific commercial products,
process, or service by trade name, trademark, manufacturer, or
otherwise, does not necessarily constitute or imply its endorsement,
recommendation or favoring by the United States Government or the
University of California. The views and opinions of authors expressed
herein do not necessarily state or reflect those of the United States
Government or the University of California, and shall not be used for
advertising or product endorsement purposes.
UCRL-MI-119788