This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200501-24
(tnftp: Arbitrary file overwriting)
The 'mget' function in cmds.c lacks validation of the filenames
that are supplied by the server.
An attacker running an FTP server could supply clients with
malicious filenames, potentially allowing the overwriting of arbitrary
files with the permission of the connected user.
There is no known workaround at this time.
See also :
All tnftp users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-ftp/tnftp-20050103'
Risk factor :
Medium / CVSS Base Score : 5.0
Family: Gentoo Local Security Checks
Nessus Plugin ID: 16415 (gentoo_GLSA-200501-24.nasl)
CVE ID: CVE-2004-1294