Multiple FTP Server Traversal Arbitrary File/Directory Access

This script is Copyright (C) 2003-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server allows arbitrary file access

Description :

The remote FTP server allows anybody to switch to the root directory
and read potentialy sensitive files.

See also :

http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0022.html

Solution :

If this is Thomas Krebs Nite Server, upgrade to version 1.85 or later.
Otherwise contact your vendor for the appropriate patch.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 11466 ()

Bugtraq ID: 6648

CVE ID: CVE-2003-1349