Title: WhitSoft SlimServe FTPd Directory Traversal Vulnerability
Severity: CRITICAL
Description:
SlimServe FTPd is a free ftp server distributed and maintained by WhitSoft Development. SlimServe FTPd is designed to offer ftp services on the Microsoft Windows platform. It uses a simple configuration file and is usable by novice computer users.
A vulnerability has been discovered in the server that could allow directory traversal. This problem could also allow the discovery of directory structure, and the downloading of files outside of the ftp root directory.
Insufficient checking and handling of input make it possible for a user to escape the ftp root directory. By issuing a change-directory command to the ftp daemon with a relative path, it is possible to leave the confines of the ftp root directory and reach the top level directory of the partition the ftp server is operating on.
The configuration parameter "root=" does not prevent this, even if the configured ftp root directory is several directories below the top level directory of the partition. Upon a request to change directory to "...", the ftp server changes the user's directory to the root of the partition the ftp server is operating on, allowing traversal of any directory on the partition afterwards and downloading of any file on the partition.
Research of this vulnerability also indicates that, if the write bit is set on the ftp root directory, a remote user can upload a file into any directory on the partition of the running ftp server.
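The following is an added example of how an ftp daemon can resolve CWD requests so that neither ".." climbing nor all-dot names such as "..." can leave the configured root. It is not SlimServe's code and does not describe how SlimServe handles paths; the virtual-directory model, the function names and the physical root C:\ftproot are assumptions made for the illustration. Each request is reduced to path components, ".." is only honoured while there is something to climb, any other component that Windows may reinterpret (names made only of dots, names with trailing dots or spaces, names containing a colon) is refused, and the result is mapped onto the physical root and checked again after ntpath normalisation.

```python
"""Hardened FTP CWD resolver (added example; not SlimServe's code).

Assumptions (hypothetical, not from the advisory): the server keeps a
virtual working directory rooted at '/', maps it onto a configured
physical root such as C:\\ftproot, and calls resolve_cwd() for every
CWD or CDUP request before touching the filesystem.
"""
import ntpath
from typing import List


class TraversalRejected(ValueError):
    """Raised when a CWD argument would leave the configured ftp root."""


def _components(path: str) -> List[str]:
    # Windows servers commonly accept both separators; "." and empty
    # segments carry no information and are dropped here.
    return [c for c in path.replace("\\", "/").split("/") if c not in ("", ".")]


def _is_unsafe_name(component: str) -> bool:
    # Refuse names a Windows path API may silently rewrite or reinterpret:
    #   * names made only of dots (e.g. "..."), the case in the advisory
    #     (".." itself is handled by the caller before reaching here);
    #   * names with trailing dots or spaces, which Win32 strips;
    #   * drive/stream separators and NUL.
    if set(component) == {"."}:
        return True
    if component != component.rstrip(". "):
        return True
    return any(ch in component for ch in ":\x00")


def resolve_cwd(root: str, virtual_cwd: str, requested: str) -> str:
    """Return the new virtual cwd ('/'-rooted) for a CWD request, or raise.

    root        -- configured physical root, e.g. C:\\ftproot (assumed)
    virtual_cwd -- the session's current directory, '/' for the ftp root
    requested   -- the raw CWD argument sent by the client
    """
    absolute = requested.startswith(("/", "\\"))
    stack = [] if absolute else _components(virtual_cwd)
    for comp in _components(requested):
        if comp == "..":
            if not stack:
                # Climbing above the ftp root is never legitimate.
                raise TraversalRejected(f"CWD {requested!r} escapes the ftp root")
            stack.pop()
        elif _is_unsafe_name(comp):
            raise TraversalRejected(f"CWD {requested!r} has unsafe component {comp!r}")
        else:
            stack.append(comp)
    # Defence in depth: map onto the physical root and confirm the result
    # still lies under it after ntpath's own normalisation and case folding.
    physical = ntpath.normcase(ntpath.normpath(ntpath.join(root, *stack)))
    root_norm = ntpath.normcase(ntpath.normpath(root))
    if physical != root_norm and not physical.startswith(root_norm + ntpath.sep):
        raise TraversalRejected(f"CWD {requested!r} resolved outside {root!r}")
    return "/" + "/".join(stack)


def is_rejected(root: str, virtual_cwd: str, requested: str) -> bool:
    """Convenience wrapper for audits: True if the request would be refused."""
    try:
        resolve_cwd(root, virtual_cwd, requested)
    except TraversalRejected:
        return True
    return False


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    root = "C:\\ftproot"
    for cwd, req in [("/", "pub"), ("/pub", ".."), ("/", "..."),
                     ("/pub", "../.."), ("/", "..\\..\\windows")]:
        try:
            print(f"{cwd:6} CWD {req!r:18} -> {resolve_cwd(root, cwd, req)}")
        except TraversalRejected as exc:
            print(f"{cwd:6} CWD {req!r:18} -> REJECTED ({exc})")
```

Every rejection is raised as a distinct exception type so the daemon can both refuse the request (a 550 reply) and log it as a traversal attempt, which is the event a defender wants to alert on; the root-prefix comparison after ntpath normalisation guards against any component the name filter did not anticipate.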
Affected Products:
- WhitSoft SlimServe FTPd 1.0.0
- WhitSoft SlimServe FTPd 2.0.0
References:
- WhitSoft Development: WhitSoft Homepage
- se00020@fhs-hagenberg.ac.at: SlimServe HTTPd ver. 1.1a Directory Traversal
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.