<<< Date Index >>>     <<< Thread Index >>>

FTGate Pro Server - Multiple Vulnerabilities



Release Date: 09/01/2003

TITLE
=====
FTGate Pro - Multiple Vulnerabilities

DESCRIPTION
============
?FTGate is a professional, award winning family of
mail server applications that offer you exceptional
performance, comprehensive features, ease of use and
advanced security features in a cost effective
package.?

More information at http://www.floosietek.com

PROBLEMS
=========
Version  : FTGate Pro 1.2, build 1331 (latest build)
Tested Platform : Windows 2000, Windows XP
Professional

Multiple vulnerabilities have been found in FTGate Pro
WebAdmin interface (not enable to the Internet by
default) which allows the attackers to learn various
information about the FTGate server and exporting
FTGate sever's mailboxes to a text file (that
including administrator?s password, usernames?
passwords) which would lead the server to a total
compromised. 

DETAILS
=======
[Vulnerability #1] Information Disclosure

The script
http://www.victim.com:8089/tools/ftgatedump.fts will
dumb the FTGate  configuration into a file for you to
send to FTGate support team when you encountered a
problem with the software. Ftgatedump.fts script
doesn't provide proper privilege checking so you don't
need to have administrator's privilege to access to
that script.

Ftgatedump.fts script will dump various information
about your current FTGate Pro configuration to
x:\Program Files\FTGate\ftgate_dump.txt and allow you
to view the file by sending
http://www.victim.com:8089/tools/ftgatedump.fts?command=1
request to the server.

[Vulnerability #2] FTGate Pro Username and Password
exposures

Exportmbx.fts just does exactly what it say "exports
the mailboxes for a domain to a text file" and it
encounters the same problem like the ftgatedump.fts
script, no admin's credential is necessary to access
and execute the script therefore anyone could just
export mailboxes of any local domain into a file (CSV
format) and the file is located in the FTGate program
directory. Make sure you check the "Export Password"
option before exporting the mailbox.

Exportmbx.fts script does not have an option for you
to view the file like the ftgatedump.fts does but you
can get around that by either making exportmbx.fts
script export to a file named "ftgate_dump.txt" and
use the ftgatedump.fts script to view the file or you
can export it to FTGate server's root directory and
download it, there you have it folks.

VENDOR STATUS
==============
Vendor has verified and released a patch that fixes
the issues. Available at
http://www.floosietek.com/files/ftgate12.exe

Author: Phuong Nguyen



__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com