Title: Mindstorm Networks SmartFTP Daemon 0.2 Directory Traversal Vulnerability
Severity: HIGH
Description:
Each time an account is added to Mindstorm Networks SmartFTP Daemon, a unique user file named username.FTP_user is created that contains the account's password, access rights, and other pertinent details. A user who has an existing account on SmartFTP Daemon (including anonymous) and possesses write access can gain full access to the host by uploading a modified copy of such a user file to an arbitrary location on the filesystem.
This can be accomplished by uploading a specially modified user file with a filename of username.FTP_user containing an arbitrary username and full access rights. This file can then be accessed by entering a username of "../path/username" (the number of '../' corresponding to the number of directories to traverse) at the login prompt. Because the daemon builds the user-file path directly from the supplied login name without rejecting path separators or parent-directory references, this grants access to the FTP server with the access rights specified in the uploaded user file.
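The root cause is a login name that flows unchecked into a filesystem path. The following added example, which is not SmartFTP Daemon's code and assumes a hypothetical user directory and log format, shows the weak lookup pattern beside a hardened one (allow-listed username plus a containment check on the resolved path), and a small log review that flags the two signals a defender would look for: path characters in a USER command and an upload (STOR) of a *.FTP_user file.

```python
import os
import re

# Constructed example, not SmartFTP Daemon's own code or layout. It models
# the pattern the advisory describes: one <username>.FTP_user file per account.
USER_DIR = "/srv/ftpd/users"          # assumed location of the user files
USER_FILE_SUFFIX = ".FTP_user"
# Conservative allow-list for login names: letters, digits, dot, underscore,
# hyphen, 1 to 32 characters. Path separators are never permitted.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def naive_user_file_path(username: str, user_dir: str = USER_DIR) -> str:
    """The weak pattern: the login name is joined straight onto the directory.
    A name such as '../uploads/alice' resolves outside user_dir."""
    return os.path.normpath(os.path.join(user_dir, username + USER_FILE_SUFFIX))


def safe_user_file_path(username: str, user_dir: str = USER_DIR) -> str:
    """Hardened lookup: allow-list the name, reject parent references, then
    verify the resolved file still sits directly inside user_dir."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid characters in username")
    if ".." in username:
        raise ValueError("parent-directory reference in username")
    base = os.path.abspath(user_dir)
    candidate = os.path.abspath(os.path.join(base, username + USER_FILE_SUFFIX))
    # Defence in depth: even if the allow-list were loosened later, the file
    # must be an immediate child of the user directory, nothing deeper or above.
    if os.path.dirname(candidate) != base:
        raise ValueError("user file resolves outside the user directory")
    return candidate


# Constructed sample log lines (assumed "<date> <time> <COMMAND> <argument>"
# format); they are not real SmartFTP Daemon output.
SAMPLE_LOG = [
    "2004-03-01 10:02:11 USER alice",
    "2004-03-01 10:05:42 USER ../uploads/alice",
    "2004-03-01 10:06:03 STOR alice.FTP_user",
    "2004-03-01 10:07:19 USER bob",
    "2004-03-01 10:08:00 STOR report.txt",
]


def flag_suspicious_lines(lines):
    """Return (line, reason) pairs for logins carrying path characters and for
    uploads of user definition files; both are worth alerting on."""
    flagged = []
    for line in lines:
        parts = line.split()
        if len(parts) < 4:
            continue
        command, argument = parts[2], " ".join(parts[3:])
        if command == "USER" and ("/" in argument or "\\" in argument or ".." in argument):
            flagged.append((line, "path characters in login name"))
        elif command == "STOR" and argument.lower().endswith(USER_FILE_SUFFIX.lower()):
            flagged.append((line, "upload of a user definition file"))
    return flagged


if __name__ == "__main__":
    print("naive :", naive_user_file_path("../uploads/alice"))
    print("safe  :", safe_user_file_path("alice"))
    try:
        safe_user_file_path("../uploads/alice")
    except ValueError as exc:
        print("safe  : rejected:", exc)
    for entry, reason in flag_suspicious_lines(SAMPLE_LOG):
        print("ALERT :", reason, "->", entry)
```

The containment check on `os.path.dirname(candidate)` is what makes the hardened function robust: the allow-list stops the obvious cases, but the path comparison would still catch a mistake in the regular expression, and it is the property (the user file must be a direct child of the user directory) rather than the syntax that the daemon needed to enforce.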
Affected Products:
- Mindstorm Networks SmartFTP Daemon 0.2.0
References:
- Mindstorm Networks: SmartFTP Daemon Product Home Page
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.