Path traversal vulnerability #9

giampaolo · 2014-05-28T15:37:03Z

From yanra...@gmail.com on June 15, 2007 22:35:56

PATH TRAVERSAL VULNERABILTY

Most ftp filesystem commands are dangerously affected by path traversal.
The reason of this, is poor path filtering in 'normalize' and 'translate' 
methods of class 'abstracted_fs' (lines 1595-1625).

Tests have been conducted on pyftpdlib 0.1.1 on both windows xp and ubuntu 
7.04, revealing the same vulnerability.

Issuing following commands, user root's parent directory will erroneously 
be listed, giving access to forbidden parts of filesystem.

CWD /
LIST ..

Same problem affects commands like STOR and RETR, allowing an attacker to 
retrieve or upload arbitrary system files. This would be only limited by 
rights under which the server is running. For any reason user must be able 
to gain access to those areas.

In order to solve the problem, I've entirely rewritten both vulnerable 
methods.
I think this solution should be robust enough to avoid any path traversal 
issue.

Attachment: patch.py

Original issue: http://code.google.com/p/pyftpdlib/issues/detail?id=9

The text was updated successfully, but these errors were encountered:

giampaolo · 2014-05-28T15:37:05Z

From billiej...@gmail.com on June 15, 2007 14:36:08

Status: Accepted
Labels: -Priority-Medium Priority-Critical Security Component-Logic

giampaolo · 2014-05-28T15:37:06Z

From billiej...@gmail.com on June 15, 2007 15:38:10

Report verified: the problem occurs and it has critical priority.
Your patch will be surely included as part of the upcoming pyftpdlib release.
Really thanks for your valuable support.

My best regards.

Cc: aleaxit

giampaolo · 2014-05-28T15:37:07Z

From billiej...@gmail.com on July 17, 2007 08:32:49

Owner: yanraber

giampaolo · 2014-05-28T15:37:07Z

From billiej...@gmail.com on July 19, 2007 19:09:09

Status: Finished
Cc: jloden yanraber

giampaolo · 2014-05-28T15:37:08Z

From billiej...@gmail.com on July 19, 2007 19:16:28

Fixed in SVN, revision #16

giampaolo · 2014-05-28T15:37:09Z

From billiej...@gmail.com on September 07, 2007 15:51:05

Labels: Milestone-0.2.0

giampaolo · 2014-05-28T15:37:09Z

From billiej...@gmail.com on September 17, 2007 09:34:19

Status: Fixed

giampaolo · 2014-05-28T15:37:10Z

From billiej...@gmail.com on May 02, 2008 11:27:42

Labels: Version-0.1.1

giampaolo · 2014-05-28T15:37:11Z

From billiej...@gmail.com on October 13, 2008 11:52:21

Labels: Component-Library

giampaolo · 2014-05-28T15:37:12Z

From billiej...@gmail.com on October 13, 2008 11:54:36

Labels: -Component-Logic

giampaolo self-assigned this May 28, 2014

giampaolo closed this as completed May 28, 2014

This was referenced May 28, 2014

Problems with pyftpdlib and Python CE #24

Closed

Path traversal vulnerability in case of symlinks #55

Closed

giampaolo added Priority-High and removed Priority-Critical labels May 31, 2014

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Path traversal vulnerability #9

Path traversal vulnerability #9

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

Path traversal vulnerability #9

Path traversal vulnerability #9

Comments

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014

giampaolo commented May 28, 2014