FTP Server Traversal Arbitrary File Access (RETR)

medium Nessus Plugin ID 50811

Synopsis

The remote FTP server is susceptible to a directory traversal attack.

Description

The remote FTP server allows a user to retrieve files outside his home directory using a specially crafted 'RETR' command with traversal sequences.

A remote attacker could exploit this flaw to gain access to arbitrary files.

Solution

Contact the vendor for an update, use a different product, or disable the service altogether.

Plugin Details

Severity: Medium

ID: 50811

File Name: ftp_get_traversal.nasl

Version: 1.22

Type: remote

Family: FTP

Published: 11/24/2010

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score from a more in depth analysis done by tenable

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Exploitable With

Metasploit (QuickShare File Server 1.2.1 Directory Traversal Vulnerability)

Reference Information

BID: 39919, 40419, 44543, 44574, 44759, 46165