ST FTP Service Arbitrary File/Directory Access

Medium Nessus Plugin ID 11677


Arbitrary files may be read on the remote hosts.


The remote FTP server is vulnerable to a flaw that allows users to access files that are outside the FTP server root.

An attacker may break out of his FTP jail by issuing the command :



Contact your vendor for a patch.

See Also

Plugin Details

Severity: Medium

ID: 11677

File Name: st_ftp_traversal.nasl

Version: $Revision: 1.21 $

Type: remote

Family: FTP

Published: 2003/06/02

Modified: 2012/07/13

Dependencies: 10092, 10079

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:st:ftp_service

Required KB Items: ftp/login

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/05/24

Reference Information

CVE: CVE-2003-0392

BID: 7674

OSVDB: 4925