Detections
Analytics
Ruby ftpd Gem 'filename' Parameter Remote Command Execution
high Nessus Plugin ID 65078
Language:
Synopsis
The remote host is running an FTP server that is affected by a code injection vulnerability.Description
Nessus was able to exploit a code injection vulnerability in the Ruby ftpd Gem by providing a specially crafted 'filename' parameter to the LIST command.Solution
Upgrade to ftpd gem 0.2.2 or later.See Also
http://www.vapid.dhs.org/advisory.php?v=34
Plugin Details
Severity: High
ID: 65078
File Name: ftp_ruby_command_injection.nasl
Version: 1.9
Type: remote
Family: FTP
Published: 3/7/2013
Updated: 11/15/2018
Supported Sensors: Nessus
Vulnerability Information
CPE: x-cpe:/a:wconrad:ftpd
Required KB Items: ftp/login
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 3/2/2013
Vulnerability Publication Date: 2/28/2013
Reference Information
BID: 58279