Path traversal vulnerability #9

Closed
giampaolo opened this Issue May 28, 2014 · 10 comments

Comments

Projects
None yet
1 participant
Owner

giampaolo commented May 28, 2014

From yanra...@gmail.com on June 15, 2007 22:35:56

PATH TRAVERSAL VULNERABILTY

Most ftp filesystem commands are dangerously affected by path traversal.
The reason of this, is poor path filtering in 'normalize' and 'translate' 
methods of class 'abstracted_fs' (lines 1595-1625).

Tests have been conducted on pyftpdlib 0.1.1 on both windows xp and ubuntu 
7.04, revealing the same vulnerability.

Issuing following commands, user root's parent directory will erroneously 
be listed, giving access to forbidden parts of filesystem.

CWD /
LIST ..

Same problem affects commands like STOR and RETR, allowing an attacker to 
retrieve or upload arbitrary system files. This would be only limited by 
rights under which the server is running. For any reason user must be able 
to gain access to those areas.

In order to solve the problem, I've entirely rewritten both vulnerable 
methods.
I think this solution should be robust enough to avoid any path traversal 
issue.

Attachment: patch.py

Original issue: http://code.google.com/p/pyftpdlib/issues/detail?id=9

giampaolo self-assigned this May 28, 2014

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on June 15, 2007 14:36:08

Status: Accepted
Labels: -Priority-Medium Priority-Critical Security Component-Logic

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on June 15, 2007 15:38:10

Report verified: the problem occurs and it has critical priority.
Your patch will be surely included as part of the upcoming pyftpdlib release.
Really thanks for your valuable support.

My best regards.

Cc: aleaxit

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on July 17, 2007 08:32:49

Owner: yanraber

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on July 19, 2007 19:09:09

Status: Finished
Cc: jloden yanraber

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on July 19, 2007 19:16:28

Fixed in SVN, revision #16
Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on September 07, 2007 15:51:05

Labels: Milestone-0.2.0

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on September 17, 2007 09:34:19

Status: Fixed

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on May 02, 2008 11:27:42

Labels: Version-0.1.1

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on October 13, 2008 11:52:21

Labels: Component-Library

Owner

giampaolo commented May 28, 2014

From billiej...@gmail.com on October 13, 2008 11:54:36

Labels: -Component-Logic

giampaolo closed this May 28, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment