EFTP Vulnerabilities
Created 9/17/01
CAN 2001-1110
CAN 2001-1112
Impact
A remote attacker could view disk contents, sniff password hashes,
or execute commands on the server.
Background
The File Transfer Protocol (FTP) allows a client to store
or retrieve files on a server. EFTP
is an FTP client and server for Windows
platforms. EFTP features an encrypted mode which
provides secure file transfers across a network.
The Problems
CAN 2001-1110
Because of security problems in a number of EFTP commands, a
remote attacker could view the contents of the server's
directories, or use Universal Naming Convention paths
(paths beginning with \\) to force the server to initiate a
NetBIOS connection to the Internet, allowing encrypted system
passwords to be gathered as they pass over the network. Such
encrypted passwords can be easily decrypted using readily
available cracking utilities, leading to a system compromise.
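One way a Windows FTP server can refuse the UNC paths described above and keep command arguments inside its exported directory is shown below. This is an added example, not EFTP's code or its fix; the function name, the root C:\ftproot and the sample arguments are assumptions made for the illustration.

```python
import ntpath  # Windows path rules, usable on any platform


class RejectedPath(ValueError):
    """Raised when a client-supplied path must not reach the filesystem."""


def resolve_ftp_path(root, cwd, arg):
    """Map an FTP command argument to a path under `root`, or raise.

    root: server directory exported to clients (assumed local drive path)
    cwd:  client's current virtual directory, e.g. "/" or "/pub"
    arg:  raw argument of LIST, CWD, RETR, STOR and similar commands
    """
    if "\x00" in arg:
        raise RejectedPath("NUL byte in path")
    # Windows accepts "/" and "\" alike, so normalise before inspecting.
    norm = arg.replace("/", "\\")
    # UNC and device paths (\\host\share, \\?\, \\.\) would make the server
    # open a connection to a host chosen by the client.
    if norm.startswith("\\\\"):
        raise RejectedPath("UNC path")
    # A colon means a drive letter (C:\...) or an alternate data stream.
    if ":" in norm:
        raise RejectedPath("drive or stream qualifier")
    # Absolute arguments replace cwd; relative ones extend it.
    virtual = norm if norm.startswith("\\") else cwd.replace("/", "\\") + "\\" + norm
    parts = []
    for piece in virtual.split("\\"):
        if piece in ("", "."):
            continue
        if piece == "..":
            if not parts:
                raise RejectedPath("traversal above root")
            parts.pop()
        else:
            parts.append(piece)
    full = ntpath.normpath(ntpath.join(root, *parts))
    # Final containment check against the exported root.
    root_n = ntpath.normcase(ntpath.normpath(root)).rstrip("\\")
    full_n = ntpath.normcase(full)
    if full_n != root_n and not full_n.startswith(root_n + "\\"):
        raise RejectedPath("outside root")
    return full
```

The check runs on the raw argument before any filesystem call, so a rejected path is never opened, listed or stat'ed.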
CAN 2001-1112
Furthermore, a buffer overflow condition could allow a
remote attacker to execute arbitrary commands by uploading
a specially crafted .lnk file, and then
listing the directory.
EFTP 2.0.7.337 and possibly earlier versions are affected
by this vulnerability.
Resolution
Download a fixed version
of EFTP when one becomes available. If one is not available,
then TCP port 21 should be blocked at the
gateway router or firewall as a precaution.
Where can I read more about this?
This vulnerability was posted to Bugtraq.
For more information about NetBIOS hash retrieval attacks in
general, see the @stake advisory.