Title: SunFTP Unauthorized File Access Vulnerability
Severity: LOW
Description:
SunFTP is a freeware FTP server for Windows platforms written by Rasmus J.P. Allenheim and associates.
When users connect to the FTP server, they have access to a restricted filesystem, the ftp-root. Checks are put in place to ensure that users do not have access to any files outside of this ftp-root directory. Unfortunately a vulnerability exists in the implementation of these safeguards that may lead to a compromise of the server.
This protection system is successful in preventing users from changing to directories outside the ftp-root. It fails, however, when users are retrieving or uploading files. If a file is requested by a path that passes through the ".." parent directory, the request is honoured and the 'restricted' file is sent to the user.
If the user has upload access, then arbitrary files can be uploaded to anywhere on the filesystem (outside of ftp-root) using this vulnerability. An attacker could gain control of the host using this vulnerability by overwriting critical files with malicious replacements (for example, autoexec.bat).
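The root cause described above is a confinement check applied to directory changes but not to file retrieval or upload. The following is an added example, not SunFTP's code, showing the fix an FTP server author would want: one lexical path-confinement routine that every file-touching command (CWD, RETR and STOR alike) must pass through before the server opens anything. The ftp-root "/srv/ftp", the handle() dispatcher and its status strings are assumptions for illustration; the check normalises Windows backslashes because SunFTP runs on Windows.

```python
from pathlib import PurePosixPath

# Constructed example root; a real server would read this from its configuration.
FTP_ROOT = PurePosixPath("/srv/ftp")


class PathEscape(ValueError):
    """Raised when a client-supplied path would resolve outside the ftp-root."""


def confine(root: PurePosixPath, requested: str) -> PurePosixPath:
    """Map a client-supplied FTP path onto a path strictly inside `root`.

    The check is purely lexical so it behaves identically for every
    command and never touches the filesystem.
    """
    # SunFTP runs on Windows, so treat '\' exactly like '/'.
    text = requested.replace("\\", "/")
    # A drive-qualified path ("C:...") can never be a valid ftp-root-relative path.
    if len(text) >= 2 and text[1] == ":":
        raise PathEscape(f"drive-qualified path rejected: {requested!r}")
    # In FTP a leading '/' means "the top of the ftp-root", not the host root,
    # so empty components (and '.') are simply skipped.
    parts = []
    for piece in text.split("/"):
        if piece in ("", "."):
            continue
        if piece == "..":
            if not parts:
                # Climbing above the root is the traversal this advisory describes.
                raise PathEscape(f"path escapes ftp-root: {requested!r}")
            parts.pop()
            continue
        parts.append(piece)
    return root.joinpath(*parts)


def handle(command: str, argument: str, root: PurePosixPath = FTP_ROOT) -> str:
    """Dispatch CWD, RETR and STOR through the same confinement check.

    Returns a status string instead of touching files so the example runs
    stand-alone. The point is that RETR and STOR get exactly the check
    that CWD gets; none of them is exempt.
    """
    try:
        target = confine(root, argument)
    except PathEscape:
        return "550 Access denied: path outside ftp-root"
    verb = {"CWD": "changed to", "RETR": "sending", "STOR": "storing"}.get(command.upper())
    if verb is None:
        return "502 Command not implemented"
    return f"200 {verb} {target}"


if __name__ == "__main__":
    # Constructed sample requests: two legitimate, two that try to leave the root.
    for cmd, arg in [("RETR", "pub/readme.txt"),
                     ("CWD", "/pub/../pub/incoming"),
                     ("RETR", "../autoexec.bat"),
                     ("STOR", "..\\..\\autoexec.bat")]:
        print(f"{cmd} {arg!r:<26} -> {handle(cmd, arg)}")
```

This is a lexical check only. On a real filesystem the server should additionally resolve the confined path (realpath or its Windows equivalent) and re-verify that the result still lies under the ftp-root, so that symbolic links, junctions and 8.3 short names inside the tree cannot point back outside it.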
Affected Products:
- Rasmus J.P. Allenheim SunFTP 1.0.0 Build 9
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.