Vulnerabilities In Pablo Software Solutions FTP Service 1.2

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Vulnerabilities In Pablo Software Solutions FTP Service 1.2
From: JeiAr <jeiar@xxxxxxxxx>
Date: 3 Jun 2003 20:41:27 -0000
Delivered-to: zerbey@localhost.horry.org
Delivered-to: mailing list bugtraq@securityfocus.com
Delivered-to: moderator for bugtraq@securityfocus.com
Delivery-date: Tue, 03 Jun 2003 22:33:52 +0100
Envelope-to: zerbey@wibble.co.uk
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@securityfocus.com; run by ezmlm


Plaintext Password Vulnerability

------------------------------------

User info is stored in users.dat in plaintext. If the

anonymous account is present (it is by default) the

entire FTP server can be compromised



ftp://somewhere/program files/pablo's ftp service/users.dat





Default Anonymous Account

------------------------------------

The anonymous account is by default set to 

have download access to anything in the C:\

directory. While this can be disabled by simply

deleting the anonymous account, it poses a 

serious threat for anyone not aware of the problem.



ftp://somewhere/windows/repair/sam





In conclusion this application is totally open to

complete compromise by default. Vendor was notified

and plans on releasing a fix soon.





Credits

------------------------------------

Creits go to JeiAr of GulfTech Computers 

and CSA Security Research Team 

http://www.gulftech.org

Prev by Date: CERT Summary CS-2003-02
Next by Date: kon2 exploit!!
Previous by thread: CERT Summary CS-2003-02
Next by thread: kon2 exploit!!
Index(es):
- Date
- Thread