smallftpd Multiple Vulnerabilities (Traversal, DoS)

high Nessus Plugin ID 11573

Language:

Synopsis

The remote FTP service is vulnerable to an access control breach.

Description

The remote FTP server is vulnerable to a flaw that allows users to access files that are outside the FTP server root.

An attacker may break out of his FTP jail by issuing the command :

CWD \..\..

In addition, it has been reported that a user can crash the service by supplying malformed input to the login process or large arguments to several commands.

Solution

If you are running smallftpd upgrade to version 1.0.3 or higher, otherwise contact your vendor for a patch.

See Also

https://seclists.org/vuln-dev/2003/Apr/62

Plugin Details

Severity: High

ID: 11573

File Name: small_ftp_traversal.nasl

Version: 1.23

Type: remote

Family: FTP

Published: 5/6/2003

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport, ftp/login

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 7472, 7473, 7474