FTP Service < 1.2 - Multiple Vulnerabilities

FTP Service < 1.2 – Multiple Vulnerabilities

漏洞ID 1053925 漏洞类型
发布时间 2003-06-03 更新时间 2003-06-03
图片[1]-FTP Service < 1.2 - Multiple Vulnerabilities-安全小百科CVE编号 N/A
图片[2]-FTP Service < 1.2 - Multiple Vulnerabilities-安全小百科CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/43442
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
FTP Service Multiple Vulnerabilities

Vendor: Pablo Software Solutions
Product: FTP Service
Version: <= 1.2
Website: http://www.pablovandermeer.nl/ftp_service.html

BID: 7799 7801 

Description:
FTPService.exe is a service-version of Pablo's FTP Server. This service enables you to have the FTP server active even when you're not logged into Windows. 

Anonymous Access
The anonymous account is by default set to have download access to anything in the C: directory. While this can be disabled by simply deleting the anonymous account, it poses a serious threat for anyone not aware of the problem. 

ftp://somewhere/windows/repair/sam 

In conclusion this application is totally open to complete compromise by default. Vendor was notified and plans on releasing a fix soon. 

Plaintext Password Weakness:
User info is stored in users.dat in plaintext. If the anonymous account is present (it is by default) the entire FTP server can be compromised 

ftp://somewhere/program files/pablo's ftp service/users.dat 

Solution:
Upgrade your version of Pablo FTP Service. 

Credits:
James Bercegay of the GulfTech Security Research Team.

相关推荐: Mosix ClumpOS Blank Default VNC Password Vulnerability

Mosix ClumpOS Blank Default VNC Password Vulnerability 漏洞ID 1102197 漏洞类型 Configuration Error 发布时间 2002-04-23 更新时间 2002-04-23 CVE编号…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享