| VID |
16029 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
Version 0.97 of GuildFTP was detected. GuildFTPd is a small FTP server.
This server suffers from four security problems:
1. A directory traversal bug to gain access to files that reside outside the normal FTP root directory.
2. The program stores passwords in plain text format.
3. A buffer overrun in the SITE command with the ability to execute arbitrary code.
4. A memory leak in the input parsing code.
More Information:
http://www.securiteam.com/windowsntfocus/5CP0S2A4AU.html
http://www.securiteam.com/windowsntfocus/5GP050A4KK.html
http://www.securiteam.com/windowsntfocus/5CP0S2A4AU.html
http://www.securiteam.com/windowsntfocus/5GP050A4KK.html |
| Recommendation |
Upgrade to the latest version of GuildFTP server not to be vulnerable at the vendor site:
http://guildftpd.ztnet.com/Main.htm |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
