Info

Disclosure

Jan 19, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

FileCopa FTP Server contains a flaw that allows a remote attacker to read and write outside of the application's path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied to the 'STOR' and 'RETR' FTP commands.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Unknown

Solution

Upgrade to version 1.01 released on January 19, 2006 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

InterVations, Inc.

FileCopa FTP Server

1.01

References

Secunia Advisory ID: 18550
CVE ID: 2006-0344 (see also: NVD)
ISS X-Force ID: 24257
VUPEN Advisory: ADV-2006-0285
Vendor URL: http://www.filecopa.com/
Other Advisory URL: http://www.nii.co.in/vuln/filecopa.html

Credit

P@r@n01d - Network Intelligence (I) Pvt. Ltd.
$um$id -

Direct URL: http://osvdb.org/22694