CVE-1999-1345
Description
Auto_FTP.pl 0.2 uses a world-writable shared directory /tmp/ftp_tmp, allowing local users to inject files for transfer and read data in transit.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Auto_FTP.pl version 0.2, a Perl script that automatically transfers files placed in a shared directory to a configured FTP server, uses /tmp/ftp_tmp as its shared directory with insecure permissions. The default configuration and directory permissions allow any local user to read and write files in that directory. Additionally, the configuration file /etc/auto_ftp.conf stores the FTP server username and password in plain text, readable by any local user with access to /etc [1].
Exploitation
A local attacker with any user account on the system can exploit this by placing arbitrary files into /tmp/ftp_tmp. The script does not verify the identity of the user placing the file, so a malicious file is automatically transferred to the remote FTP server upon detection. Simultaneously, the attacker can read any files that other users place into the shared directory, including sensitive data being transferred [1].
Impact
Successful exploitation results in unauthorized file disclosure (reading files intended for transfer) and a form of arbitrary file upload to the remote server, potentially allowing the attacker to exfiltrate data or introduce malicious content to the remote site. The FTP credentials are also exposed in plain text, enabling full compromise of the remote FTP server [1].
Mitigation
No official fix was released. The advisory recommends not using Auto_FTP when data confidentiality is important, as the design does not concern itself with security precautions. System administrators should consider alternative tools, apply strict permissions to the script and its directories, or remove the program entirely [1].
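A permission audit for the shared directory and configuration file this entry names, added here as an example (it is not part of the advisory or of Auto_FTP). The function names `audit_auto_ftp` and `has_perm` are hypothetical; the default paths are the ones from the description and can be overridden by passing arguments.

```shell
#!/bin/sh
# Added example: permission audit for the paths named in CVE-1999-1345.
# audit_auto_ftp and has_perm are hypothetical helper names.

# has_perm PATH MODE: succeeds if PATH itself has every bit of MODE set.
# -prune keeps find from descending when PATH is a directory.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_auto_ftp [SPOOL_DIR] [CONF_FILE]
# Prints one line per finding; the exit status is the number of findings.
audit_auto_ftp() {
    spool=${1:-/tmp/ftp_tmp}
    conf=${2:-/etc/auto_ftp.conf}
    findings=0

    if [ -d "$spool" ]; then
        # o+w on the directory: any local user can drop files for transfer.
        if has_perm "$spool" 0002; then
            echo "FINDING: $spool is world-writable"
            findings=$((findings + 1))
        fi
        # o+x on the directory: other users can reach the files inside it.
        if has_perm "$spool" 0001; then
            echo "FINDING: $spool is searchable by other users"
            findings=$((findings + 1))
        fi
        # o+r on queued files: data waiting for transfer can be read.
        if [ -n "$(find "$spool" -type f -perm -0004 -print 2>/dev/null)" ]; then
            echo "FINDING: $spool contains world-readable files"
            findings=$((findings + 1))
        fi
    fi

    # o+r on the config file exposes the plain-text FTP credentials.
    if [ -f "$conf" ] && has_perm "$conf" 0004; then
        echo "FINDING: $conf is world-readable"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Calling `audit_auto_ftp` with no arguments checks the default paths; a zero exit status means none of the four conditions was found.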
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0. No patches discovered yet.
References
[1] marc.info (nvd)