Multiple FTP Server quote stat Command Traversal Arbitrary Directory Access
Medium Nessus Plugin ID 11679
SynopsisThe remote FTP server is prone to a directory traversal attack.
DescriptionThe remote FTP server is vulnerable to a flaw that allows users to access files outside the FTP server root.
An attacker may break out of his FTP jail by issuing the command :
ftp> quote stat ../*
Some versions of VisNetic FTP Server and Titan FTP Server are known to be affected by this issue.
SolutionContact your vendor for a patch.