| VID | 16107 |
| Severity | 30 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description |
The Golden FTP server is vulnerable to directory traversal and information disclosure vulnerabilities. Golden FTP Server is an easy-to-use personal FTP server for Windows platforms. Golden FTP Server Pro version 2.52 and earlier versions contain two vulnerabilities:
1) Directory Traversal Vulnerability: Remote attackers can read arbitrary files via '\..' sequences in the GET command.
2) Information Disclosure Vulnerability: A GET request for a file that does not exist reveals the absolute path of the FTP server in the resulting FTP error message.
* References:
  http://secunia.com/advisories/15175
  http://marc.theaimsgroup.com/?l=bugtraq&m=111530871716145&w=2
* Platforms Affected: Golden FTP Server Pro version 2.52 and earlier; Microsoft Windows, any version |
| Recommendation |
No upgrade or patch available as of May 2005.
Upgrade to the latest version of Golden FTP Server (later than 2.52) when a new version that fixes this problem becomes available from the Golden FTP Server download web site at http://www.goldenftpserver.com/download.html
-- OR --
Filter malicious characters and character sequences in an FTP proxy. The impact of directory traversal attacks can be lessened by placing the FTP root on a separate drive letter or by restricting access using NTFS permissions.
-- OR --
Use another product. |
| Related URL | CVE-2005-1484, CVE-2005-1485 (CVE) |
| Related URL | 13479 (SecurityFocus) |
| Related URL | (ISS) |
|
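
One way to implement the FTP proxy filtering from the recommendation, as an added example (not code from the advisory or from Golden FTP Server): it resolves each path argument with Windows path rules and forwards the command only if the result stays under the FTP root, and it replaces error replies that contain an absolute server path. The root `D:\ftproot`, the command set, the function names and the sample lines are assumptions made for illustration.

```python
import ntpath
import re

FTP_ROOT = "D:\\ftproot"  # assumed: FTP root on its own drive letter
# Assumed set of commands whose argument is a path (GET as named in the advisory).
PATH_CMDS = {"GET", "RETR", "STOR", "APPE", "DELE", "CWD", "LIST", "NLST", "SIZE"}
ABS_PATH = re.compile(r"[A-Za-z]:[\\/]")  # drive-letter absolute path


def resolve(root, cwd, arg):
    """Map a client path to a path under root; None if it would escape root."""
    if "\x00" in arg or ":" in arg:  # no NULs, drive letters or stream names
        return None
    virt = arg.replace("/", "\\")
    if not virt.startswith("\\"):  # relative: prepend the session directory
        virt = cwd.replace("/", "\\") + "\\" + virt
    # Collapse '.' and '..' with Windows rules *before* the containment check.
    full = ntpath.normpath(ntpath.join(root, virt.lstrip("\\")))
    base = ntpath.normcase(ntpath.normpath(root))
    cand = ntpath.normcase(full)
    return full if cand == base or cand.startswith(base + "\\") else None


def filter_command(line, cwd="/"):
    """Decide whether the proxy forwards one client command: (forward, reason)."""
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    if verb.upper() not in PATH_CMDS or not arg:
        return True, "no path argument"
    if resolve(FTP_ROOT, cwd, arg) is None:
        return False, "path escapes FTP root"
    return True, "ok"


def scrub_reply(line):
    """Replace 4xx/5xx replies that leak an absolute server path."""
    if line[:1] in ("4", "5") and ABS_PATH.search(line):
        return line[:3] + " Requested action not taken.\r\n"
    return line


if __name__ == "__main__":
    # Constructed sample traffic, not captured from a real server.
    for cmd in ["RETR pub/readme.txt", "RETR \\..\\..\\outside.txt", "NOOP"]:
        print(cmd, "->", filter_command(cmd))
    print(scrub_reply("550 C:\\GoldenFTP\\missing.txt: not found\r\n"), end="")
```

Checking the resolved path rather than searching for the literal `\..` string lets harmless uses of `..` inside the root through while still rejecting mixed `/` and `\` variants that climb out of it.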