Golden FTP Server <= 2.60 LS Command Traversal Information Disclosure

Medium severity, Nessus Plugin ID 18615

Synopsis

The remote FTP server is affected by information disclosure flaws.

Description

The version of Golden FTP Server installed on the remote host is prone to multiple information disclosure vulnerabilities. Specifically, an authenticated attacker can list the contents of the application directory, which provides a list of valid users, and learn the absolute path of any shared directories.

Solution

Upgrade to Golden FTP Server 2.70 or later.

Plugin Details

Severity: Medium

ID: 18615

File Name: golden_ftp_server_ls_dir_traversal.nasl

Version: 1.28

Type: remote

Family: FTP

Published: 7/5/2005

Updated: 2/26/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2005-2142

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Vulnerability Information

CPE: cpe:/a:kmint21_software:golden_ftp_server

Required KB Items: ftp/login, ftp/password

Excluded KB Items: ftp/ncftpd, ftp/msftpd, ftp/fw1ftpd, ftp/vxftpd

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/1/2005

Reference Information

CVE: CVE-2005-2142

BID: 14124