| Field | Value |
| --- | --- |
| VID | 16125 |
| Severity | 30 |
| Port | 21 |
| Protocol | TCP |
| Class | FTP |
| Detailed Description | Golden FTP Server Pro is vulnerable to directory traversal via the LS (LIST) command. KMiNT21 Software's Golden FTP Server Pro is a personal FTP server for Microsoft Windows platforms. Golden FTP Server Pro version 2.60 and possibly other versions could allow a remote, authenticated attacker to list arbitrary directories, because user-supplied input to the LS (LIST) command is not properly validated. A remote attacker could exploit this flaw to disclose file names and user names from the application directory. In addition to this flaw, a remote attacker could also disclose the absolute path of a share by attempting to retrieve a file that does not exist. |
| References | http://secunia.com/advisories/15840/ |
| Platforms Affected | KMiNT21 Software Golden FTP Server Pro 2.60; Microsoft Windows, any version |
| Recommendation | Upgrade to the latest version of Golden FTP Server (2.70 or later), available from the Golden FTP Server Web site at http://www.goldenftpserver.com/ |
| Related URL | CVE-2005-2142 (CVE) |
| Related URL | 14124 (SecurityFocus) |
| Related URL | 21219 (ISS) |