Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » PowerFTP Personal FTP Server Multiple Vulnerabilities

PowerFTP Personal FTP Server Multiple Vulnerabilities

by Nikola Strahija on February 13th, 2002 The PowerFTP server contains multiple vulnerabilities which could provide an attacker with the capability to ennumerate a system's structure, obtain read access to any file on the system and carry out a denial of service attack against it.


PowerFTPd Information Disclosure Vulnerabilities

The PowerFTP server does not properly parse directory information
to a relative path. As such, executing a simple 'PWD' command on
the server will return the full system path of the current directory
to the user.

Also, FTP account information is stored unencrypted in the file
ftpserver.ini. Through either physical access to the machine or by
abusing one of the directory traversal attacks described below,
elevated privileges could be obtained on the system by retrieving
this file.


PowerFTPd Directory Traversal Vulnerabilities

The PowerFTP server fails to properly restrict access to files outside
of the user directory. By either requesting a direct path to a file or
directory ('DIR c:') or by applying a variety of the "double dot"
notation ('DIR ..*.*') an attacker is able to break out of the assigned
directory and read/obtain any file on any system drive.


PowerFTP Buffer Overflow Vulnerabilities

Due to a failure to check the length of any of the arguments passed
to the PowerFTP server with any of the standard FTP commands, an
attacker can execute a denial of service attack against the PowerFTP
server by sending a string of 2050 bytes or more to the target system.

Upon receipt, the server will start consuming 100% cpu resources and
will become unresponsive. A restart of the application is required to
regain full functionality.

On a side note, the PowerFTP client which is distributed with this
package is literally riddled with overflow conditions like this as
well.


(..)


Solution:

Vendor has been notified of these problems on January 12, 2002. We
have yet to receive a reply. Recently PowerFTP v2.10 was released,
which is advertised as safe and efficient on the product web site.
None of these issues were fixed in this release. After unsuccessfully
retrying to contact the vendor, this has prompted us to publicly
release this information.

This was tested against PowerFTP Personal FTP Server v2.03 and PowerFTP
Personal FTP Server v2.10 on Win2k.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »