SunFTP Multiple Command Traversal Arbitrary File Creation/Deletion

high Nessus Plugin ID 11374

Synopsis

The remote host has an application that is affected by multiple vulnerabilities.

Description

Directory traversal vulnerability in SunFTP build 9 allows remote attackers to read arbitrary files via .. (dot dot) characters in various commands, including (1) GET, (2) MKDIR, (3) RMDIR, (4) RENAME, or (5) PUT.

Solution

Switch to another FTP server; SunFTP is discontinued.

Plugin Details

Severity: High

ID: 11374

File Name: sunftpd_traversal.nasl

Version: 1.16

Type: remote

Family: FTP

Published: 3/13/2003

Updated: 8/22/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Vulnerability Information

Patch Publication Date: 3/2/2001

Vulnerability Publication Date: 3/2/2001

Reference Information

CVE: CVE-2001-0283