4D WebSTAR Symlink Privilege Escalation

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a local symbolic link
vulnerability.

Description :

The remote server is running 4D WebStar FTP Server. The version of 4D
WebStar FTP Server on the remote host is reportedly affected by a
local symbolic link vulnerability caused by the application opening
files without properly verifying their existence or their absolute
location.

Successful exploitation of this issue will allow an attacker to write
to arbitrary files subject to the permissions of the affected
application.

See also :

http://archives.neohapsis.com/archives/vulnwatch/2004-q3/0005.html

Solution :

Upgrade to 4D WebStar 5.3.3 or later.

Risk factor :

Low / CVSS Base Score : 3.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 14241 (4d_webstar_symb_link.nasl)

Bugtraq ID: 10714

CVE ID: CVE-2004-0698