Farmers WIFE FTP Server Multiple Command Traversal Arbitrary File Creation

This script is Copyright (C) 2006-2011 Tenable Network Security, Inc.


Synopsis :

The remote FTP server is affected by a directory traversal flaw.

Description :

The remote host appears to be running Farmers WIFE, a commercial
facilities, scheduling, and asset management package targeted at the
media industry.

The version of Farmers WIFE installed on the remote host includes an
FTP server that is reportedly vulnerable to directory traversal
attacks. A user can leverage this issue to read from and write to files
outside the FTP root. Note that the application runs with SYSTEM
privileges under Windows.

See also :

http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041356.html

Solution :

Upgrade to Farmers WIFE 4.4 SP3 or later.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: FTP

Nessus Plugin ID: 20754 (farmerswife_ftp_dir_traversal.nasl)

Bugtraq ID: 16321

CVE ID: CVE-2006-0319