| VID |
16087 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The TYPSoft FTP server, according to its version number, has a directory traversal vulnerability. TYPSoft FTP Server is a free FTP server for Microsoft Windows. Several versions of TYPSoft FTP Server allow a remote attacker to traverse directories located outside of the FTP root directory, caused by the application's failure to properly filter '...' character sequences from user-supplied commands. By sending GET, CWD and LIST commands containing relative path references (i.e. '/.../', '/../' or '*.*' sequences), a remote attacker could traverse directories and view arbitrary files and directories outside of the FTP root directory. This could allow a remote attacker to obtain sensitive system data, including directory information, password files or other exploitable data.
* Note: This check relies solely on the version number of the remote TYPSoft FTP server to assess this vulnerability, so the result might be a false positive.
* References: http://securitytracker.com/alerts/2002/Dec/1005832.html ; http://www.idefense.com/advisory/12.16.02a.txt
* Platforms Affected: TYPSoft FTP Server 0.95 and earlier; TYPSoft FTP Server 0.97.1; TYPSoft FTP Server 0.99.8; Microsoft Windows Any version |
| Recommendation |
Upgrade to the latest version of TYPSoft FTP Server (0.99.13 or later), available from the TYPSoft FTP Web site at http://en.typsoft.com/ |
| Related URL |
CVE-2001-0294, CVE-2002-0558 (CVE) |
| Related URL |
2489 (SecurityFocus) |
| Related URL |
6165 (ISS) |