PlatinumFTPServer Multiple Vulnerabilities

This script is Copyright (C) 2003-2013 Douglas Minderhout

Synopsis :

The remote FTP server is vulnerable to several flaws.

Description :

Platinum FTP server for Win32 has several vulnerabilities in the way it
checks the format of command strings passed to it.
This leads to the following vulnerabilities in the server :

- The 'dir' command can be used to examine the filesystem of the machine
and gather further information about the host by using relative
directory listings (e.g. '../../../' or '\..\..\..').

- The 'delete' command can be used to delete any file on the server that
the Platinum FTP server has permission to delete.

- Issuing the command 'cd @/..@/..' will cause the Platinum FTP server
to crash and consume all available CPU time on the server.

*** Warning : Nessus solely relied on the banner of this server, so
*** this may be a false positive

Solution :


Risk factor :

High / CVSS Base Score : 7.5

Family: FTP

Nessus Plugin ID: 11200

Bugtraq ID: