| VID | 16049 |
| Severity | 40 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | Jarle Aase's War FTPD server has a directory traversal vulnerability that allows a remote user to gain read access to directories outside of the FTP root. Once a user is logged into the server, a specially crafted 'dir' command will disclose an arbitrary directory. This vulnerability could allow an attacker to gain read access to various files residing on the target machine. You can test your server by issuing the following command after logging into the server: dir *./../.. |
| Platforms Affected | Jarle Aase War FTPD 1.67 b04 |
| References | http://online.securityfocus.com/bid/2444, http://online.securityfocus.com/archive/1/166824 |
| Recommendation | Upgrade to the latest version (1.67 b5 or later) of War-FTPd, available from: ftp://ftp.jgaa.com/pub/products/Windows/WarFtpDaemon/ |
| Related URL | CVE-2001-0295 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | (ISS) |