Golden FTP Server <= 2.60 LS Command Traversal Information Disclosure

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by information disclosure flaws.

Description :

The version of Golden FTP Server installed on the remote host is prone
to multiple information disclosure vulnerabilities. Specifically, an
authenticated attacker can list the contents of the application
directory, which provides a list of valid users, and learn the
absolute path of any shared directories.

Solution :

Upgrade to Golden FTP Server 2.70 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 18615 (golden_ftp_server_ls_dir_traversal.nasl)

Bugtraq ID: 14124

CVE ID: CVE-2005-2142