MS05-044 Windows FTP Client File Transfer Location Tampering

Published: 2005-10-12
Last Updated: 2005-10-12 16:05:22 UTC
by Joshua Wright (Version: 2)
0 comment(s)

MS05-044 Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering

KB: 905495
CVE: CAN-2005-2126

This bulletin and related patch resolves a newly discovered public vulnerability.  The flaw exists in the Windows FTP Client on Windows 2000SP4 (with IE 6 SP1), XP SP1 and Windows Server 2003 computers.  An attacker can exploit the flaw to tamper with the file transfer location on the client during an FTP file transfer session.  When a client has manually chosen to transfer a file via FTP on affected systems, the attacker can redirect the storage location to a location such as the Startup Folder.  In general, if you do not download files from un-trusted FTP (or any other servers) then you really won't have a problem.  Unfortunately, most end users are too trusting of links on the web and email and can be exploited in a few situation.

Per Microsoft, the vulnerability is mitigated in 3 ways.

1) "The attacker would have to successful persuade end users to visit an FTP server hosting files with specially-crafted file names" and would not have a way to forcing the files to be transferred.  This would require our end-users to interact with dialog boxes and click on links without concern.
2) If the file of the same name already exists in this alternate location, then an "Overwrite File" warning message will be presented.  If end users click through the dialog box, then it will go ahead and overwrite the file.
3)  If the Internet Explorer setting "Enable Folder View for FTP Sites" is changed from the default disabled state, then the attack will be successful.
0 comment(s)


Diary Archives