COMMAND

    CesarFTP

SYSTEMS AFFECTED

    CesarFTP v0.98b

PROBLEM

    'ByteRage' found the following.

    1) Directory Traversal
    ======================
    First, we need a directory we have access to on the victim host...
    (Or we can create one if we have enough rights.)

        ftp://127.0.0.1/

    might give us a directory RESTRICTED/, for example. Now we do:

        ftp://127.0.0.1/RESTRICTED/...%5c/

    and we're out of the restricted subdirectory: we have read access
    to the whole hard drive.
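    The traversal above works because the server hands the client's path
    string to the operating system without first confining it to the
    account's root: the percent-encoded backslash (%5c) and the
    three-dot segment are both accepted by Windows path handling, so
    "...\" climbs out of RESTRICTED/. The following is an added example
    (not CesarFTP code) of the server-side check that prevents this and
    of running that same check over FTP command log lines to spot
    attempts. The root path, the log format and the sample log lines are
    constructed for the example.

```python
from urllib.parse import unquote

# Constructed example: the virtual root a restricted FTP account is meant to see.
RESTRICTED_ROOT = "/srv/ftp/RESTRICTED"

# FTP commands that take a path argument (subset, for the log check below).
PATH_COMMANDS = {"CWD", "RETR", "STOR", "LIST", "NLST", "DELE", "MKD", "RMD"}


def decode_fully(raw: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing, so '%255c' (double
    encoding) ends up as a backslash too; bounded to avoid pathological input."""
    current = raw
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current


def confine_path(root: str, requested: str):
    """Map a client's requested path onto `root`.

    Returns the confined absolute path, or None if the request would leave
    the root. Normalisation mirrors what a Windows file API does with the
    raw string: decode, accept '\\' as a separator, collapse dot segments.
    """
    decoded = decode_fully(requested).replace("\\", "/")
    parts = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue                      # empty and '.' segments are no-ops
        if seg == "..":
            if not parts:
                return None               # would climb above the root
            parts.pop()
            continue
        if set(seg) == {"."}:
            # '...', '....' and so on: legacy Windows path parsing collapses
            # these like '..' (the advisory's '...%5c' relies on that).
            # Refuse them outright rather than guess how far the OS climbs.
            return None
        if "\x00" in seg:
            return None                   # NUL truncation is never legitimate
        parts.append(seg)
    base = root.rstrip("/")
    return base + "/" + "/".join(parts) if parts else base


def flag_traversal_in_log(lines):
    """Return the log lines whose path argument confine_path() rejects.

    Assumed (constructed) log format, one command per line:
        '<client ip> <COMMAND> <argument>'
    """
    hits = []
    for line in lines:
        fields = line.split(" ", 2)
        if len(fields) < 3:
            continue                      # command without an argument
        _ip, cmd, arg = fields
        if cmd.upper() in PATH_COMMANDS and confine_path(RESTRICTED_ROOT, arg) is None:
            hits.append(line)
    return hits


# Constructed sample log: two escape attempts and two ordinary requests.
SAMPLE_LOG = [
    "203.0.113.5 USER anonymous",
    "203.0.113.5 CWD RESTRICTED/...%5c/",
    "203.0.113.5 RETR ..%5c..%5csettings.ini",
    "203.0.113.9 CWD pub/incoming",
    "203.0.113.9 RETR readme.txt",
]

if __name__ == "__main__":
    for entry in flag_traversal_in_log(SAMPLE_LOG):
        print("traversal attempt:", entry)
```

    The point of decoding and separator normalisation before the
    dot-segment walk is that the check must see the same path the
    operating system will eventually open; checking the raw string for
    a literal "../" would miss both "%5c" and "...".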

    2) Weak password encryption
    ===========================
    Once again an FTP server with weak password encryption... The
    username:password pairs are stored in plaintext in the program
    directory (\program files\CesarFTP\settings.ini). Combined with the
    directory traversal, the password file can be easily obtained by
    any user...
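    A settings file that a traversal bug can expose should not contain
    anything that is directly usable as a credential. The added example
    below (not CesarFTP code; the INI layout is constructed and not the
    real settings.ini format) stores a salted PBKDF2-HMAC-SHA256 verifier
    per user instead of the password, checks a login attempt against it
    in constant time, and spends the same work on unknown usernames so
    that a probe cannot tell "no such user" from "wrong password" by
    timing.

```python
import configparser
import hashlib
import hmac
import os
from io import StringIO
from typing import Dict, Optional

ALGO = "pbkdf2_sha256"
ITERATIONS = 600_000   # PBKDF2-HMAC-SHA256 work factor


def make_verifier(password: str, salt: Optional[bytes] = None) -> str:
    """Return a storable record 'pbkdf2_sha256$<iter>$<salt hex>$<hash hex>'.
    A fresh random salt per user means two equal passwords get unequal records."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def check_password(verifier: str, candidate: str) -> bool:
    """Recompute the hash for `candidate` with the stored salt and iteration
    count and compare in constant time."""
    algo, iters, salt_hex, hash_hex = verifier.split("$")
    if algo != ALGO:
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode("utf-8"), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(digest.hex(), hash_hex)


# Verifier for a throwaway password, used only to equalise the work done
# when the username does not exist.
_DUMMY_VERIFIER = make_verifier("unused-dummy-password")


def _new_parser() -> configparser.ConfigParser:
    cfg = configparser.ConfigParser(interpolation=None)  # '$' in values must stay literal
    cfg.optionxform = str                                # keep usernames case-sensitive
    return cfg


def write_users_ini(users: Dict[str, str]) -> str:
    """Serialise {username: password} as INI text holding verifiers, never
    the passwords themselves (constructed layout, not CesarFTP's)."""
    cfg = _new_parser()
    cfg["users"] = {name: make_verifier(pw) for name, pw in users.items()}
    buf = StringIO()
    cfg.write(buf)
    return buf.getvalue()


def authenticate(ini_text: str, username: str, password: str) -> bool:
    """Look the user up in the INI text and verify the password."""
    cfg = _new_parser()
    cfg.read_string(ini_text)
    verifier = cfg["users"].get(username) if cfg.has_section("users") else None
    if verifier is None:
        check_password(_DUMMY_VERIFIER, password)  # same cost as a real check
        return False
    return check_password(verifier, password)


if __name__ == "__main__":
    ini = write_users_ini({"alice": "correct horse battery"})
    print(ini)
    print("alice/correct:", authenticate(ini, "alice", "correct horse battery"))
    print("alice/wrong:  ", authenticate(ini, "alice", "nope"))
```

    With this layout, reading the file through the traversal bug yields
    only salted verifiers that still have to be brute-forced offline at
    the configured work factor, rather than credentials that log in
    immediately.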

SOLUTION

    Nothing yet.