Hyperion FTP Server v2.8.1 Directory Traversal Vulnerability

Type

Directory Traversal

Release Date

November 12, 2002

Product / Vendor

Hyperion FTP Server is a powerful, reliable FTP server for Windows 95/98/NT/2000 that supports all basic FTP commands and much more, such as passive mode.

http://www.mollensoft.com

Summary

A vulnerability exists in Hyperion FTP Server that allows a remote user to traverse the directories of a target host. This may lead to the disclosure of file and directory contents. Arbitrary directories can be accessed by passing double-dot ('../') sequences to the 'ls' command.
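
The server-side check that closes this class of bug, shown as an added example and not as code from the vendor or from this advisory: the 'ls' argument is resolved against the account's root and refused if the result lands outside it. The names `resolve_list_path`, `TraversalError` and the root `C:\ftproot` are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any host OS


class TraversalError(ValueError):
    """The client-supplied path resolves outside the FTP root."""


def resolve_list_path(ftp_root, cwd, client_arg):
    """Map the argument of an FTP 'ls' (LIST/NLST) request to a real path.

    ftp_root   -- absolute directory the account is confined to
    cwd        -- client's current virtual directory, e.g. "/pub"
    client_arg -- untrusted path text sent with the command
    """
    # NUL truncates paths in native APIs; ':' introduces drive letters
    # ("C:") and NTFS alternate data streams.
    if "\x00" in client_arg or ":" in client_arg:
        raise TraversalError("illegal character in path")
    # Windows accepts both separators, so fold '\' into '/' first.
    arg = client_arg.replace("\\", "/")
    virtual = arg if arg.startswith("/") else cwd.rstrip("/") + "/" + arg
    # Join under the root, then collapse '.' and '..' lexically.
    root = ntpath.normpath(ftp_root)
    candidate = ntpath.normpath(ntpath.join(root, virtual.lstrip("/")))
    # Containment test: case-insensitive and on a component boundary, so
    # a sibling such as C:\ftproot2 is not mistaken for a child of the root.
    c, r = ntpath.normcase(candidate), ntpath.normcase(root)
    if c != r and not c.startswith(r.rstrip("\\") + "\\"):
        raise TraversalError("path escapes FTP root: %r" % client_arg)
    return candidate


if __name__ == "__main__":
    ROOT = "C:\\ftproot"  # constructed sample root, not from the advisory
    for arg in ["docs", "../", "../../", "..\\..\\winnt", "/../ftproot2"]:
        try:
            print(repr(arg), "->", resolve_list_path(ROOT, "/pub", arg))
        except TraversalError as exc:
            print(repr(arg), "-> rejected:", exc)
```

The check is lexical, so a junction or symbolic link placed inside the root still needs a comparison on the fully resolved path.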

Tested

Hyperion FTP Server v2.8.1 / Windows 2000 SP3
Hyperion FTP Server v2.8.1 / Windows 98 SE

Vulnerable

Hyperion FTP Server v2.8.1 / Windows 2000 SP3
Hyperion FTP Server v2.8.1 / Windows 98 SE

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net