| VID |
16038 |
| Severity |
40 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The Broker FTP server has a directory traversal vulnerability.
TransSoft Ltd produces an FTP server for Windows NT and 9x systems called Broker FTP. The vulnerability in Broker FTP versions before 5.5 allows remote attackers to break out of the home directory of the anonymous FTP server and list arbitrary directories that reside on the server. Furthermore, depending on the privilege settings you may use other commands like delete outside the home directory.
* Platforms Affected:
Transsoft Broker FTP Server before 5.5
Windows 95
Windows 98
Windows NT Any version
* References:
http://www.securiteam.com/windowsntfocus/5GP0P004AS.html
http://www.iss.net/security_center/static/6189.php |
| Recommendation |
Upgrade to the latest version (FTP Broker 6.0 or later), available from http://www.ftp-broker.com |
| Related URL |
CVE-2001-0450 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
