Golden FTP Server <= 2.60 LS Command Traversal Information Disclosure

Medium Nessus Plugin ID 18615


The remote FTP server is affected by information disclosure flaws.


The version of Golden FTP Server installed on the remote host is prone to multiple information disclosure vulnerabilities. Specifically, an authenticated attacker can list the contents of the application directory, which provides a list of valid users, and learn the absolute path of any shared directories.


Upgrade to Golden FTP Server 2.70 or later.

Plugin Details

Severity: Medium

ID: 18615

File Name: golden_ftp_server_ls_dir_traversal.nasl

Version: $Revision: 1.22 $

Type: remote

Family: FTP

Published: 2005/07/05

Modified: 2014/07/11

Dependencies: 10092, 10084

Risk Information

Risk Factor: Medium


Base Score: 5

Temporal Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:kmint21_software:golden_ftp_server

Required KB Items: ftp/login, ftp/password

Excluded KB Items: ftp/msftpd, ftp/ncftpd, ftp/fw1ftpd, ftp/vxftpd

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2005/07/01

Reference Information

CVE: CVE-2005-2142

BID: 14124

OSVDB: 17678