Forums: Pablo Ftp Server Allows Remote Detection Of Local - Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

Pablo Ftp Server Allows Remote Detection Of Local Pablo FTP Server Allows Remote Detection

#1 Guest_ni3_boom_*

  • Group: Guests

Posted 19 January 2004 - 09:34 AM

CRITICAL:
Not critical

IMPACT:
Exposure of system information

WHERE:
From remote

SOFTWARE:
Pablo FTP Server 1.x

DESCRIPTION:
Arnaud Jacques has identified a vulnerability in Pablo FTP Server,
allowing malicious people to determine if a certain file exists on a
vulnerable system.

The problem is that the "del" command returns different error
messages. A "550 Permission denied" error message is returned when a
file exists, whereas a "550 File not found" error message is returned
when the file doesn't exist. This can be exploited to enumerate the
presence of files using the "../" character sequence.

The vulnerability affects version 1.77 and possibly prior.

SOLUTION:
Update to version 1.8.
http://www.pablovand...ftp_server.html

PROVIDED AND/OR DISCOVERED BY:
Arnaud Jacques aka scrap

----------------------------------------------------------------------
0
Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users

  • Share



Our Sponsors:


SwiftLayer Affiliate Web Hosting