Jason,
thank you for the reply!
We checked the release notes yesterday prior to our support request to the
list, but we need to know whether WSFTP_Server "allowed" this user to create
the account and have access to modify WSFTP_Server remotely, without being
logged into Win 2K as a system admin or with elevated privileges.
How could an authorized user attack our WSFTP_Server software to create his
own account with HOST privileges?
Was this a fault of version 2.02 ONLY?
What advice/caution would be given for configuring WSFTP_Server as the
database solution?
Do you recommend DELETING the command line utilities installed by default
for adding new FTP users?
Do you or does anyone else know an answer to this?
Cheers,
Marc
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]] On behalf of Jason Benton
> Sent: Thursday, 9 August 2001 14:54
> To: [EMAIL PROTECTED]
> Subject: Re: [WS_FTP Forum] WSFTP vulnerable??
>
>
> From the version 2.0.2 release notes....
>
> 2.0.3
> Fixed buffer overrun which would allow malicious code to be
> executed on the server.
> Fixed bug where the Resume value was not being reset to zero after use.
> This caused the server to use the Resume marker on all subsequent
> RETR requests for that session.
> Fixed a bug which allowed a Denial Of Service attack.
> Fixed a bug which allowed an infinite number of invalid commands
> to be sent to the server by both logged-in and non-logged-in
> client programs written specifically for that purpose. This
> would result in filling up the log if logging was turned on.
> There is now a limit of 10 invalid commands per session.
>
> Jason
>
> ----- Original Message -----
> From: "Marc Weigert" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, August 08, 2001 7:42 PM
> Subject: [WS_FTP Forum] WSFTP vulnerable??
>
>
> Hello list,
>
> we use WSFTP SERVER version 2.02 and we realized some abuse today. There
> might be a HOLE within WSFTP SERVER with the problem of an authorized
> visitor creating a NEW USER ACCOUNT with ROOT ACCESS and HOST/ADMINISTRATOR
> RIGHTS. He was able to upload or download any files!
>
> How can an EXPLOIT occur?
> * buffer overload?
> * cmd.exe
> * etc.?
> ... and how can a repeat offense be prevented in the future?
>
> We have upgraded our software from 2.02 to 2.03 today and removed the
> vulnerable FTP account.
>
> Any help would be more than appreciated.
>
> Cheers,
>
> Marc
>
>
> Please visit http://www.ipswitch.com/support/mailing-lists.html
> to be removed from this list.