| VID | 16035 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description |
The anonymous FTP server has a directory traversal vulnerability. A remote attacker can issue a CWD (cd) command followed by "dot dot" sequences (in the form cd /../../../) to traverse directories and download or upload files outside of the FTP root directory.
* CVE references related to this flaw:
  * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1295
  * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0963
  * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0294
  * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0480
  * http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-1131
* References:
  * http://www.securiteam.com/windowsntfocus/5SP0M0055W.html
  * http://www.securiteam.com/windowsntfocus/6W00G206AM.html
  * http://www.der-keiler.de/Mailing-Lists/Securiteam/2001-08/0083.html |
| Recommendation |
Contact your vendor for a patch or an upgrade. If the patch or the upgrade for this flaw is not available, then use another FTP server. |
| Related URL | (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |