Security Patch for CVE-2023-45685 Through CVE-2023-45690

Security Patch for CVE-2023-45685 Through CVE-2023-45690

An independent cyber security team (Rapid7) has identified several security issues mainly effecting the Linux versions of Titan SFTP and Titan MFT NextGen servers. The versions effected are version 2.0.17 and earlier of Titan SFTP and Titan MFT (formerly Cornerstone MFT) NextGen servers. All of the issues documented below have been fixed in version 2.0.18 of Titan SFTP and Titan MFT servers which we recommend that our customers upgrade to.

Windows and Linux platform issues:

  1. CVE-2023-45685 - "ZipSlip Execution": If the Administrator configured an event to unzip a user uploaded zip file that contained a relative path which includes ..\..\.. etc this could result in a file being placed outside the desired location on the system. With version 2.0.18 of Titan and later, zip files with relative paths will not unzip at all and an error will be logged. It would also be possible to avoid this issue by not configuring any events to unzip files.
  2. CVE-2023-45687 - "Sessation Fixation": We consider this a minor issue and still require an Admin username/password to create a session however we have made changes in 2.0.18 so that authentication via an Authorization header will not return a session to the client.
  3. CVE-2023-45689 - "Path Traversal In Admin Interface": If an Administrator has admin credentials to the Titan Server they can construct a request that would allow for path traversal and download/deletion of files. Since this requires Administrator credentials, we consider this a minor threat.
Linux only issues:

  1. CVE-2023-45686, CVE-2023-45688 - "WebDAV and FTP Path Traversal": This is a Linux only issue in which an authenticated user could use path traversal to access files outside the users home directory. This has been fixed in 2.0.18 so that any path outside the users home directory in Linux is not allowed.
  2. CVE-2023-45690 - "Information Leak": After installation the various data folders under /var/southrivertech/srxserver, permission was set to world read which if somebody had shell access to the system could read log files and database systems. Since this requires shell access we consider this a minor issue, however now on version 2.0.18 and later, the data folders will not have world read permission enabled.
Additional Security Steps:

As mentioned previously, upgrading to version 2.0.18 of Titan SFTP or Titan MFT will provide fixes for the issues mentioned above but there are some other ways to remedy the issue, specifically by configuring the Titan SFTP or Titan MFT service to not run under the Local System account but to instead use a specific Windows or Linux user account that has limited privileges. For example, you could create a Windows/Linux user account called "TitanAdmin" and only give this user account permissions to the data and log directory for the server. Then configure the service to run as the "TitanAdmin" user account and this would prevent any possibility of the server using path traversal to other locations. You would also need to make sure that the "TitanAdmin" user account has access to any UNC paths in use or SQL server instances if you are not using SQLite.

    • Related Articles

    • Is Cornerstone MFT, Titan FTP or WebDrive impacted by the Apache Log4j2 (CVE-2021-44228) vulnerability?

      Question Is Cornerstone MFT, Titan FTP or WebDrive impacted by the Apache Log4j2 (CVE-2021-44228) vulnerability? Reasoning I want to confirm if the software I am using is vulnerable to the exploit found in CVE-2021-44228 so I can take the necessary ...

    • Cornerstone Server Security Best Practices

      A Quick Start Guide for best practices for server security when configuring your Cornerstone MFT Server: https://southrivertech.com/wp-content/uploads/qs_Cornerstone_Server_Security.pdf

    • How To: Configure Password Security in Titan Nextgen

      Related To Titan Nextgen Builds 1.x Question How can I configure password security settings in Titan Nextgen? Reasoning I would like to be able set password expiration, restrict reuse of passwords and also configure the password complexity to ensure ...

    • How To: Harden SFTP settings in Titan Nextgen

      Related To Titan Nextgen Builds 2.x and above. Question How can I ensure my SFTP settings which include ciphers/Mac/Kex are as secure as possible? Reasoning I would like to minimize the risk of having a security issue in my organization by ...

    • Disabling Weak and Insecure Ciphers - Hardening a Server

      Titan FTP 2019 and Cornerstone MFT 2019 Server customers can use the following steps to harden their server. The goal is to harden your server to ensure all weak ciphers are disabled and a security scan, such as those offered by QualSys, will pass. ...