Core FTP Server < 1.2 Build 515 Multiple Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The FTP server running on the remote host is affected by multiple
vulnerabilities.

Description :

The version of Core FTP installed on the remote host is prior to 1.2
build 515. It is, therefore, affected by multiple vulnerabilities :

- A race condition exists that could result in a denial
of service when invalid data is submitted to the 'AUTH
SSL' command. (CVE-2014-1441)

- An information disclosure vulnerability exists that
could allow an authenticated attacker to determine the
existence of arbitrary files on the remote server via
directory traversal attacks using the 'XCRC' command.
(CVE-2014-1442)

- An information disclosure vulnerability exists that
could allow an authenticated attacker to determine the
password of the last user that logged on via a
specially crafted string with the 'USER' command.
(CVE-2014-1443)

See also :

http://coreftp.com/forums/viewtopic.php?t=2985707
http://seclists.org/fulldisclosure/2014/Feb/39

Solution :

Upgrade to Core FTP 1.2 build 515 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 72662 ()

Bugtraq ID: 65428
65430
65432

CVE ID: CVE-2014-1441
CVE-2014-1442
CVE-2014-1443