Title: NetTerm FTP Server Multiple Vulnerabilities
Severity: HIGH
Description:
InterSoft's internet suite includes an FTP server which has been found to have numerous vulnerabilities. Among them:
The default configuration allows read/write access to the root of the C: drive for anonymous users. This write access includes overwrite and delete. If the server is setup with 'out of the box' options, anonymous remote users have full access to the operating system files and executables.
There is no administrator account, which means that any user with console access can alter the server's settings.
The encryption method used on the passwords for user accounts is reported to be weak and easily broken.
There are also multiple buffer overflows. Supplying over 1024-character arguments to the following commands will crash the server: dir, ls, mkdir, delete, and rmdir. Also, althouth the PASS buffer is truncated at 16 characters for users with accounts, this limit is not in place for the anonymous user (to allow for proper entry of email addresses as passwords) and a 1024-byte string 'password' will crash the server if user name 'anonymous' is supplied. It may be possible to exploit these overflows to run arbitrary code.
Affected Products:
- InterSoft NetTerm 4.2.0.x
References:
- Dragonmount Networks: DNA-1999-001
- InterSoft: InterSoft Hompage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
