|
eScan Corporate Edition eScan Management Console FTP Server Arbitrary File Download
|
|
Secunia Advisory:
|
SA29246
|
|
|
Release Date:
|
2008-03-06
|
|
Last Update:
|
2008-03-11
|
|
Popularity:
|
2,827 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
|
|
Where:
|
From local network
|
|
Solution Status:
|
Unpatched
|
|
| Software: | eScan Corporate Edition 9.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2008-1221
|
|
Description:
Luigi Auriemma has discovered a vulnerability in eScan Corporate Edition, which can be exploited by malicious people to disclose sensitive information.
The vulnerability is caused due to the included FTP server in eScan Management Console/eScan Server allowing arbitrary files to be downloaded by e.g. specifying a slash or backslash character to indicate the root directory of the target system's disk.
Example:
ftp://[host]:2021/<dir>/<file>
ftp://[host]:2021/boot.ini
The vulnerability is confirmed in eScan Corporate Edition version 9.0.742.98 including eScan Management Console/eScan Server version 9.0.742.1. Other versions may also be affected.
Solution:
Restrict network access to the service.
Provided and/or discovered by:
Luigi Auriemma
Changelog:
2008-03-11: Added CVE reference.
Original Advisory:
http://aluigi.altervista.org/adv/escaz-adv.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
