Release Date: 09/01/2003

TITLE
=====
FTGate Pro - Multiple Vulnerabilities

DESCRIPTION
============
"FTGate is a professional, award winning family of mail server applications that offer you exceptional performance, comprehensive features, ease of use and advanced security features in a cost effective package."
More information at http://www.floosietek.com

PROBLEMS
=========
Version : FTGate Pro 1.2, build 1331 (latest build)
Tested Platform : Windows 2000, Windows XP Professional

Multiple vulnerabilities have been found in the FTGate Pro WebAdmin interface (not enabled to the Internet by default) which allow an attacker to learn various information about the FTGate server and to export the FTGate server's mailboxes to a text file (including the administrator's password and the users' passwords), which would lead to a total compromise of the server.

DETAILS
=======
[Vulnerability #1] Information Disclosure

The script http://www.victim.com:8089/tools/ftgatedump.fts dumps the FTGate configuration into a file for you to send to the FTGate support team when you encounter a problem with the software. The ftgatedump.fts script does not perform proper privilege checking, so administrator privileges are not needed to access it. It dumps various information about the current FTGate Pro configuration to x:\Program Files\FTGate\ftgate_dump.txt and lets you view that file by sending the request http://www.victim.com:8089/tools/ftgatedump.fts?command=1 to the server.

[Vulnerability #2] FTGate Pro Username and Password Exposure

exportmbx.fts does exactly what it says, "exports the mailboxes for a domain to a text file", and it has the same problem as the ftgatedump.fts script: no administrator credentials are necessary to access and execute it, so anyone can export the mailboxes of any local domain to a file (CSV format) located in the FTGate program directory. Make sure you check the "Export Password" option before exporting the mailboxes. exportmbx.fts does not offer a way to view the file as ftgatedump.fts does, but you can get around that either by having exportmbx.fts export to a file named "ftgate_dump.txt" and using ftgatedump.fts (command=1) to view it, or by exporting to the FTGate server's root directory and downloading it from there.

VENDOR STATUS
==============
The vendor has verified the issues and released a patch that fixes them, available at http://www.floosietek.com/files/ftgate12.exe

Author: Phuong Nguyen
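Two things an administrator of an affected server wants after reading the two findings above: a quick way to confirm whether the WebAdmin still answers the ftgatedump.fts request without credentials (i.e. whether the patch took), and a way to look back through web access logs for hits on ftgatedump.fts and exportmbx.fts from hosts that should never have touched them. The script below is an added example written for this page; it is not code from the advisory or from Floosietek. It assumes the default WebAdmin port 8089 and the script paths given in the advisory, it assumes a patched server answers an unauthenticated request with 401 or 403 rather than 200, and it assumes the access log is in the common/combined (Apache-style) format; the log lines and IP addresses in it are constructed for the example.

```python
"""Verify and detect the FTGate Pro WebAdmin script exposure described above.

Added example, not part of the advisory. Assumptions (not from the page):
default WebAdmin port 8089; a fixed server replies 401/403 to an
unauthenticated request; access logs use the Apache common/combined format.
"""
import re
import sys
import urllib.error
import urllib.request

WEBADMIN_PORT = 8089
# Script paths named in the advisory (compared case-insensitively).
SENSITIVE_SCRIPTS = ("/tools/ftgatedump.fts", "/tools/exportmbx.fts")


def classify(status, body):
    """Turn the status of an unauthenticated request into a verdict.

    401/403 -> the script demanded credentials (what a patched server should
    do, by assumption); 200 -> it ran for an anonymous caller; anything else
    is reported as unknown rather than guessed at.
    """
    if status in (401, 403):
        return "protected"
    if status == 200:
        return "exposed"
    return "unknown"


def probe(host, port=WEBADMIN_PORT, timeout=5):
    """GET /tools/ftgatedump.fts?command=1 with no credentials at all."""
    url = f"http://{host}:{port}/tools/ftgatedump.fts?command=1"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read(4096))
    except urllib.error.HTTPError as exc:      # 4xx/5xx raise in urllib
        return classify(exc.code, b"")
    except (urllib.error.URLError, OSError):   # refused, timed out, no route
        return "unreachable"


# Apache common/combined log format (assumed), enough fields to get the
# client IP, the request path and the status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def find_hits(lines, allowed_ips=()):
    """Return (ip, request path, status) for every request to one of the two
    scripts that did not come from an IP on the administrator allow-list."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                             # skip unparsable lines
        path = m.group("path").split("?", 1)[0]  # drop ?command=1 etc.
        if path.lower() in SENSITIVE_SCRIPTS and m.group("ip") not in allowed_ips:
            hits.append((m.group("ip"), m.group("path"), int(m.group("status"))))
    return hits


# Constructed sample log: one outside host pulls a dump, reads it back via
# command=1, then exports mailboxes; an admin host also uses exportmbx.fts.
SAMPLE_LOG = [
    '203.0.113.9 - - [09/Jan/2003:10:01:02 +0000] "GET /tools/ftgatedump.fts HTTP/1.0" 200 512',
    '203.0.113.9 - - [09/Jan/2003:10:01:05 +0000] "GET /tools/ftgatedump.fts?command=1 HTTP/1.0" 200 20480',
    '203.0.113.9 - - [09/Jan/2003:10:02:11 +0000] "GET /tools/exportmbx.fts HTTP/1.0" 200 1024',
    '192.168.1.5 - - [09/Jan/2003:10:03:00 +0000] "GET /index.fts HTTP/1.0" 200 3000',
    '192.168.1.5 - - [09/Jan/2003:10:04:00 +0000] "GET /tools/exportmbx.fts HTTP/1.0" 200 1024',
]
ADMIN_IPS = {"192.168.1.5"}   # constructed allow-list for the sample


if __name__ == "__main__":
    # usage: python ftgate_check.py <host>   (probe), or no args (log demo)
    if len(sys.argv) > 1:
        print(f"{sys.argv[1]}: ftgatedump.fts is {probe(sys.argv[1])}")
    for ip, path, status in find_hits(SAMPLE_LOG, ADMIN_IPS):
        print(f"suspicious: {ip} requested {path} -> {status}")
```

Run it against a server you own before and after applying the vendor patch: the probe should move from "exposed" to "protected". If the WebAdmin port is not reachable from the network you probe from, "unreachable" is the result you want to see from the Internet side, since the interface is not meant to be exposed there in the first place. Feed find_hits real log lines and your real administrator addresses; any hit from another address on either script, especially one followed by a command=1 read-back, is worth treating as a credential exposure.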