# CVE-2001-0934 Cooolsoft PowerFTP Server 2.03 Directory Traversal Vulnerability
==INFO==
PowerFTP Server: sensitive data disclosure on remote drives and denial of service vulnerability (exploit code released).

PowerFTP Server for Windows 9x/NT/2000 contains remote vulnerabilities which allow users to see and retrieve any file on the server. Exploit information included.

- Company Affected: www.CooolSoft.com
- Version: v2.03
- Date Added: 08-28-01
- Size: 1.83 MB
- OS Affected: Windows 95/98/NT/2000
- Author: Alex Hernandez

Thanks to all the people from Spain and Argentina.
Special Greets: White-B, Pablo S0r, Paco Spain, L.Martins, G.Maggiotti & H.Oliveira.

## Brief Description

PowerFTP Server is an FTP server for Windows 9x/NT/2000. A bug allows any user to change to any directory, see the files in that path, and also GET files remotely.

## Summary

PowerFTP is a powerful FTP client/server package. Its main feature is multi-threaded downloading and uploading; it can even split one big file into several parts, and it can make your computer act as a standard FTP server. However, it has some big holes:

1) Revealing sensitive data remotely with a restricted account on CD-ROM, floppy and HDD drives (proof of concept).
2) Exploit code for data revealing (remote).
3) Remote DoS proof of concept.
4) Exploit code for DoS (remote).
5) Exploit code for a DoS attack on the floppy drive (remote).

## Proof of concept

```
# uname -a
SunOS Lab 5.8 Generic_108528-03 sun4u sparc SUNW,Ultra-5_10
#
# ftp 10.0.0.1
Connected to 10.0.0.1.
220 Personal FTP Server ready
Name (10.0.0.1:root): temp
331 Password required for temp.
Password:
230 User temp logged in.
ftp>
ftp> pwd
257 "C:/WINDOWS/Application Data/Microsoft/Internet Explorer/Quick Launch/Mis documentos/tools/" is current directory.
```

## Vendor Response

The vendor was notified: Support@cooolsoft.com, http://www.cooolsoft.com

Temporary patch: restricted files and directories.

Alex Hernandez (c) 2001.
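Added example (not part of the original advisory and not Cooolsoft's code): a lexical confinement check that an FTP server could apply to every path argument so that a restricted account such as `temp` cannot change to, list or GET anything outside its root. The root `C:\ftproot\temp`, the function name `resolve_confined` and the sample requests are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

def resolve_confined(root, cwd, arg):
    """Map a client-supplied FTP path argument (CWD, RETR, LIST ...) to a
    Windows path under `root`, or return None if it would leave `root`.
    `cwd` is the session's virtual directory, where "/" is the root."""
    if "\x00" in arg:
        return None
    arg = arg.replace("\\", "/")
    # Clients only see virtual paths, so a drive letter or UNC prefix
    # (another HDD, the CD-ROM, the floppy) is never a valid argument.
    if ntpath.splitdrive(arg)[0]:
        return None
    # "/x" is relative to the account root, "x" to the current directory.
    virtual = arg if arg.startswith("/") else cwd.rstrip("/") + "/" + arg
    candidate = ntpath.normpath(ntpath.join(root, virtual.lstrip("/")))
    # Compare case-insensitively and on a separator boundary, so that
    # "..", an embedded drive, or a sibling such as "temp2" is rejected.
    root_cmp = ntpath.normcase(ntpath.normpath(root)).rstrip("\\")
    cand_cmp = ntpath.normcase(candidate)
    if cand_cmp != root_cmp and not cand_cmp.startswith(root_cmp + "\\"):
        return None
    return candidate

# Constructed sample: hypothetical root for the restricted account "temp".
ROOT = r"C:\ftproot\temp"
SAMPLES = [("/", "pub/readme.txt"), ("/pub", ".."), ("/", ".."),
           ("/", "C:/WINDOWS"), ("/", "D:"), ("/pub", "../../temp2/x")]

def check_samples():
    """Return (cwd, arg, resolved-or-None) for each constructed request."""
    return [(cwd, arg, resolve_confined(ROOT, cwd, arg)) for cwd, arg in SAMPLES]

if __name__ == "__main__":
    for cwd, arg, path in check_samples():
        print(f"cwd={cwd!r} arg={arg!r} ->", path or "550 rejected")
```

The check is purely lexical; a real server should also resolve junctions, symlinks and 8.3 short names on the final path before opening it.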