by Tan Chew Keong
Release Date: 2008-06-27
[en] [jp]
Summary
A vulnerability has been found within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.
Tested Versions
Details
This advisory discloses a vulnerability within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.
The FTP client does not properly sanitise filenames containing directory traversal sequences (forward-slash) that are received from an FTP server in response to the LIST command.
An example of such a response from a malicious FTP server is shown below.
Response to LIST (forward-slash):
-rw-r--r-- 1 ftp ftp 20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n
By tricking a user to download a directory from a malicious FTP server that contains files with fowward-slash directory traversal sequences in their filenames, it is possible for the attacker to write files to arbitrary locations on a user's system with privileges of that user. An attacker can potentially leverage this issue to write files into a user's Windows Startup folder and execute arbitrary code when the user logs on.
POC / Test Code
Please download the POC here and follow the instructions below.
Singapore Basic Theory Driving Test 480 - Questions And Answers Pdf
Here are a few sample questions and answers from the PDF document:
The Singapore Basic Theory Driving Test 480 questions and answers PDF document is an invaluable resource for individuals seeking to obtain a driving license in Singapore. With its comprehensive coverage, convenient format, and self-assessment features, this document is an essential tool for aspiring drivers to prepare for the BTDT and become safe and responsible drivers on Singapore's roads. Here are a few sample questions and answers
What is the minimum safe following distance from the vehicle in front? and self-assessment features
1 second B) 2 seconds C) 3 seconds D) 4 seconds Here are a few sample questions and answers
B) 2 seconds
Patch / Workaround
Avoid downloading files/directories from untrusted FTP servers.
Disclosure Timeline
2008-06-15 - Vulnerability Discovered.
2008-06-16 - Vulnerability Details Sent to Vendor via online support form (no reply).
2008-06-18 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-25 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-27 - Public Release.