Method: simple directory traversal Risk: Medium Website: www.typsoft.com (updated version available) Hello All versions of TYPSoft FTP Server 0.97.1 (and previous, but not tested) are vulnerable to another directory traversal vulnerability than the one already published on BugTraq. A directory traversal vulnerability (http://online.securityfocus.com/bid/2489) was already fixed in TYPSoft FTP Server 0.85... but it is still possible to use the following method: Note: it's possibly the same vulnerability as mentioned on http://www.eeye.com/html/Support/Retina/RTHs/FTP_Servers/654.html concerning 0.95, but the author was not aware of the problem in his software... simply add a the asterisk symbol (*) and every directory on the same partition can be listed: ls ../../*.* ls "../../My%20files/*.*" etc.. This allows an attacker to gain usefull information for further attacks. Files CANNOT be downloaded using this vulnerability... Fix: Download the latest version (07-04-2002 TYPSoft 0.97.5 (next version after 0.97.1) from www.typsoft.com) Regards, Ueli Kistler iuk@gmx.ch / eclipse@packx.net www.eclipse.fr.fm / www.packx.net "Two things are infinite, the universe and the human stupidity, but with the universe I am not so sure.", Albert Einstein (1879 - 1955) .-~-.___. _________ / | (. \ \|::::::;\ ( ) O -|root:0:0| \_/ ____/ -|:::::::;/ /==/ _ /|::::::;| / \_¯¯_: /_______\ / __/¯| ____ | | =(_______| |_________| What if Dogs would hack your box...? Greatz to: PackX (www.packx.net) - home of Rafale X, a scriptable packet building tool --
