SnugServer is an Email Server, Web Server, FTP Server, NewsServer and ListServer. It's your all-in-one solution to managing your Internet Presence. Send/receive emails through your own server, host your own website(s) and so much more.
Sow Ching Shiong, an independent vulnerability researcher, has identified a directory traversal vulnerability in SnugServer FTP Server. The issue was discovered in a default installation of SnugServer FTP Server 4.3.0.126. Earlier versions may also be affected.
Proof of concept
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhA07BH9-KaJwyaIEOg6l9dIbevUDJBvx9gaH4WIx8EXLU3g7S0lfRoSCmF8ujgDcV1RbKdszOm5mB-peCMIhTVJiS5c44cd2IV6FbckQDF3Uu4mE6Hmd8xx1vU9866OknCwIewusU4JXz7/s400/PoC.jpg)
Solution
Update to version 4.3.0.134 or later.
Reference
Secunia: http://secunia.com/advisories/39866/
Disclosure Timeline
2010-05-20 - Vulnerability discovered.
2010-05-20 - Vulnerability reported to Secunia.
2010-05-20 - Secunia confirmed the vulnerability and contacted the vendor.
2010-05-21 - Patch released.
2010-05-21 - Advisory published by Secunia.