Multiple FTP Server quote stat Command Traversal Arbitrary Directory Access

Medium Nessus Plugin ID 11679


The remote FTP server is prone to a directory traversal attack.


The remote FTP server is vulnerable to a flaw that allows users to access files outside the FTP server root.

An attacker may break out of his FTP jail by issuing the command :

ftp> quote stat ../*

Some versions of VisNetic FTP Server and Titan FTP Server are known to be affected by this issue.


Contact your vendor for a patch.

See Also

Plugin Details

Severity: Medium

ID: 11679

File Name: visnetic_and_titan_ftp_traversal.nasl

Version: $Revision: 1.22 $

Type: remote

Family: FTP

Published: 2003/06/02

Modified: 2016/05/09

Dependencies: 10092, 10079

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

Required KB Items: ftp/login, Settings/ParanoidReport

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2003/05/29

Reference Information

BID: 7718

OSVDB: 9396, 51702