EFTP Multiple Command Traversal Arbitrary Directory Listing

medium Nessus Plugin ID 10933

Synopsis

The remote FTP server is affected by an information disclosure vulnerability.

Description

The version of EFTP installed on the remote host can be used to determine if a given file exists on the remote host or not, by adding dot-dot-slashes in front of them.

For instance, it is possible to determine the presence of '\autoexec.bat' by using the command SIZE or MDTM with the argument '../../../../autoexec.bat'

An attacker may leverage this flaw to gain more knowledge about this host, such as its file layout. This flaw is especially useful in combination with other vulnerabilities.

Solution

Upgrade to version 3.2 or higher, as it has been reported to fix this vulnerability.

See Also

https://seclists.org/bugtraq/2001/Sep/135

Plugin Details

Severity: Medium

ID: 10933

File Name: eftp_directory_traversal.nasl

Version: 1.36

Type: remote

Family: FTP

Published: 3/29/2002

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3.1

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Information

Required KB Items: ftp/login, Settings/ThoroughTests

Exploit Ease: No exploit is required

Vulnerability Publication Date: 9/12/2001

Reference Information

CVE: CVE-2001-1109

BID: 3333