CVE-2001-0054
CVSS 5.0
Published: 2001-02-16 00:00:00
Last modified: 2016-10-17 22:09:26

[Original] Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.


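[CNNVD] Serv-U FTP Remote Directory Traversal Vulnerability (CNNVD-200102-085)

FTP Serv-U is an Internet FTP server program developed by CatSoft.
A flaw in the way the Serv-U FTP server handles user requests allows a remote attacker to traverse server directories and access arbitrary files.
Authenticated users can access the ftproot of the drive where Serv-U FTP is installed. Users with read, write, execute and list permissions in the home directory have the same permissions on any file on the partition that holds the ftproot. Once users are in the home directory, they can transfer any file using specially crafted GET requests. All hidden files are revealed, even when the "Hide hidden files" feature is turned on.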

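- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CWE (weakness category)

CWE-22 [Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0054
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0054
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200102-085
(official data source) CNNVD

- Other links and resources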

http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
(VENDOR_ADVISORY)  BUGTRAQ  20001205 (no subject)
http://marc.info/?l=bugtraq&m=97604119024280&w=2
(UNKNOWN)  BUGTRAQ  20001205 Serv-U FTP directory traversal vunerability (all versions)
http://www.securityfocus.com/bid/2052
(VENDOR_ADVISORY)  BID  2052
http://xforce.iss.net/static/5639.php
(VENDOR_ADVISORY)  XF  ftp-servu-homedir-travers

- Vulnerability information

Serv-U FTP Remote Directory Traversal Vulnerability
Medium risk, Input validation
2001-02-16 00:00:00 2010-04-28 00:00:00
Remote, Local

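- Advisories and patches

        Vendor patch:
        Cat Soft
        --------
        The vendor has fixed this security issue in the latest version of the software. Download it from the vendor's home page:
        
        http://www.serv-u.com/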

- Vulnerability information (20461)

Serv-U 2.4/2.5 FTP Directory Traversal Vulnerability (EDBID:20461)
windows remote
2000-12-05 Verified
0 Zoa_Chien
N/A
source: http://www.securityfocus.com/bid/2052/info

FTP Serv-U is an internet FTP server from CatSoft.

Authenticated users can gain access to the ftproot of the drive where Serv-U FTP has been installed. Users that have read, write, execute and list access in the home directory will have the same permissions to any file which resides on the same partition as the ftproot. Once a user is in the home directory, they can successfully transfer any files using specially crafted GET requests. All hidden files will be revealed even if the 'Hide hidden files' feature is on.

Successful exploitation of this vulnerability could enable a remote user to gain access to system files, password files, etc. This could lead to a complete compromise of the host.

ftp> cd \..%20.
250 Directory changed to /..

ftp> cd %20..%20%20../winnt
250 Directory changed to /c:/TOMB/../WINNT
ftp> put autoexec.bat %20..%20%20../winnt/2.bat
200 PORT Command successful.
150 Opening ASCII mode data connection for 2.bat.
226 Transfer complete.
ftp> dir \..%20.\..%20.\winnt\ 		

- Vulnerability information

464
Serv-U FTP Server CD Command Encoded Traversal Arbitrary File / Directory Access
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity Upgrade
Exploit Public Vendor Verified

- Vulnerability description

Serv-U FTP Server contains a flaw that allows a remote attacker to access arbitrary files and directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "cd" command.
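The missing check, sketched from the server side as an added example (not Serv-U code and not part of the original advisories): a path resolver for a virtual FTP root that validates the decoded argument and refuses dot components padded with spaces or extra dots, which is the form the transcript on this page uses. The names `resolve_virtual_path`, `is_allowed` and `TraversalError` are hypothetical; percent-decoding by the server and the Windows handling of trailing dots and spaces are assumptions.

```python
import re
from urllib.parse import unquote


class TraversalError(ValueError):
    """The client-supplied path would leave the FTP root or is ambiguous."""


def resolve_virtual_path(cwd, arg):
    """Resolve `arg` against the virtual directory `cwd` ("/" is the FTP root)."""
    # Assumption: the server percent-decodes arguments, as the "250" replies
    # in the transcript on this page suggest, so validate the decoded form.
    decoded = unquote(arg)
    if "\x00" in decoded or ":" in decoded:
        raise TraversalError("NUL byte or drive separator in path")
    absolute = decoded[:1] in ("/", "\\")
    stack = [] if absolute else [p for p in cwd.split("/") if p]
    for part in re.split(r"[\\/]+", decoded):  # both separators count
        if part in ("", "."):
            continue
        if part.strip(" .") == "":
            # Dots and spaces only: "..", ".. .", " ..  .." and similar.
            if part != "..":
                raise TraversalError(f"disguised dot component {part!r}")
            if not stack:
                raise TraversalError("'..' would climb above the FTP root")
            stack.pop()
        elif part != part.rstrip(" ."):
            # Assumption: the Windows file API drops trailing dots and spaces,
            # so "winnt." and "winnt" would name the same directory.
            raise TraversalError(f"trailing dot or space in {part!r}")
        else:
            stack.append(part)
    return "/" + "/".join(stack)


def is_allowed(cwd, arg):
    """True when `arg` resolves to a path inside the FTP root."""
    try:
        resolve_virtual_path(cwd, arg)
        return True
    except TraversalError:
        return False


if __name__ == "__main__":
    # The rejected arguments are the ones shown in the transcript on this page.
    for arg in ["pub/docs", "\\..%20.", "%20..%20%20../winnt", "/.."]:
        print(repr(arg), "->", "allowed" if is_allowed("/", arg) else "rejected")
```

The resolver works only on the virtual path, so the result still has to be joined to the configured root and checked against per-directory permissions before any file operation.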

- Timeline

2000-12-05 Unknown
2000-12-05 Unknown

- Solution

Upgrade to version 2.5i or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete