Golden FTP Server Pro GET Traversal Arbitrary File Access

medium Nessus Plugin ID 18194

Synopsis

The remote FTP server is affected by a directory traversal flaw.

Description

The version of Golden FTP Server installed on the remote host is prone to a directory traversal attack. Specifically, an attacker can use '\\..' sequences to read files located outside a share, subject to the privileges of the FTP server process.

Solution

Use an FTP proxy to filter malicious character sequences, place the FTP root on a separate drive, or restrict access using NTFS.

See Also

https://seclists.org/bugtraq/2005/May/32

Plugin Details

Severity: Medium

ID: 18194

File Name: golden_ftp_server_traversal.nasl

Version: 1.30

Type: remote

Family: FTP

Published: 5/4/2005

Updated: 11/15/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2005-1484

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:kmint21_software:golden_ftp_server

Required KB Items: ftp/login, ftp/password

Excluded KB Items: ftp/ncftpd, ftp/msftpd, ftp/fw1ftpd, ftp/vxftpd

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/3/2005

Reference Information

CVE: CVE-2005-1484

BID: 13479