| VID |
16097 |
| Severity |
30 |
| Port |
21 |
| Protocol |
TCP |
| Class |
FTP |
| Detailed Description |
The glFTPD server, according to its banner, has multiple directory traversal vulnerabilities when handling .ZIP files. glFTPD is a free available FTP server for Linux and UNIX based systems. glFTPD versions 1.26 through 2.00 RC7 could allow an authenticated remote attacker to traverse directories and obtain sensitive information, caused by the vulnerabilities in the 'sitenfo.sh', 'sitezipchk.sh' and 'siteziplist.sh' scripts. These scripts do not properly validate user-supplied input. A remote authenticated user can access arbitrary files on the target system. A remote authenticated user can determine if files exist on the target system with the following type of command:
ftp> site nfo ../etc/group
A remote authenticated user can also view directory listings for directories outside of the FTP directory with the following type of command:
ftp> site nfo ../../../../../etc/*
And a remote authenticated user can view files within arbitrary zip files on the target system. A demonstration exploit command is provided:
ftp> site nfo ../../backup.zip p*
* Note: This check solely relied on the banner of the remote FTP server to assess this vulnerability, so this might be a false positive.
* References:
http://archives.neohapsis.com/archives/bugtraq/2005-02/0315.html
http://www.securitytracker.com/alerts/2005/Feb/1013242.html
* Platforms Affected:
glFTPD versions 1.26 through 2.00 RC7
Linux Any version
Unix Any version |
| Recommendation |
No upgrade or patch available as of March 2005.
Upgrade to the new version of glFTPD(2.00 RC8 or later), when new version fixed this problem becomes available from the glFTPD Web site at http://www.glftpd.com/ |
| Related URL |
CVE-2005-0483 (CVE) |
| Related URL |
12586 (SecurityFocus) |
| Related URL |
19401 (ISS) |
|
