3D-FTP Multiple Directory Traversal Vulnerabilities

High Nessus Plugin ID 33218


The remote host has an application that is affected by multiple directory traversal vulnerabilities.


The remote host has the 3D-FTP FTP client installed.

The installed version of 3D-FTP is affected by multiple directory traversal vulnerabilities. By prefixing '../' to filenames in responses to 'LIST' and 'MLSD' commands, an attacker may be able to write arbitrary files outside the client's directory, subject to the privileges of the user. An attacker can leverage this issue to write arbitrary files (potentially containing malicious code) to the client's startup directory, which would then be executed when the user logs on.
To successfully exploit this issue, an attacker must trick a user into downloading a specially named file from a malicious FTP server.
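The check an FTP client needs before it writes a listed file to disk, shown as an added example (not code from 3D-FTP or from the Nessus plugin): every name taken from an 'MLSD' entry is treated as untrusted and must resolve to a direct child of the download directory. The function names, the `C:\Downloads` directory and the sample listing are assumptions constructed for illustration; a name parsed from a 'LIST' response would go through the same `safe_local_path` check.

```python
import ntpath  # Windows path rules on any platform; the affected client runs on Windows

class UnsafeListingName(ValueError):
    """A server-supplied listing name that is not a plain file name."""

def mlsd_name(entry: str) -> str:
    """Return the name from one RFC 3659 MLSD entry: 'fact=val;fact=val; name'."""
    facts, sep, name = entry.rstrip("\r\n").partition(" ")
    if not sep or not name:
        raise UnsafeListingName(f"malformed MLSD entry: {entry!r}")
    return name

def safe_local_path(download_dir: str, server_name: str) -> str:
    """Join server_name onto download_dir only if it stays a direct child."""
    if any(c in server_name for c in '/\\:\x00'):
        raise UnsafeListingName(f"separator or drive/stream marker in {server_name!r}")
    # Win32 strips trailing dots and spaces, so '.. ' would resolve like '..'.
    if server_name != server_name.rstrip(". "):
        raise UnsafeListingName(f"dot or space suffix in {server_name!r}")
    base = ntpath.normpath(download_dir)
    target = ntpath.normpath(ntpath.join(base, server_name))
    # Defence in depth: the resolved parent must be exactly the download directory.
    if ntpath.dirname(target) != base:
        raise UnsafeListingName(f"{server_name!r} escapes {base!r}")
    return target

def plan_downloads(download_dir, mlsd_entries):
    """Split a listing into {name: local_path} and a list of rejected entries."""
    accepted, rejected = {}, []
    for entry in mlsd_entries:
        try:
            name = mlsd_name(entry)
            accepted[name] = safe_local_path(download_dir, name)
        except UnsafeListingName:
            rejected.append(entry)
    return accepted, rejected

# Constructed sample listing; names and paths are illustrative only.
SAMPLE_MLSD = [
    "type=file;size=1024;modify=20080618120000; report.txt",
    "type=file;size=2048;modify=20080618120000; ../../outside.txt",
    "type=file;size=2048;modify=20080618120000; ..\\outside.txt",
    "type=file;size=512;modify=20080618120000; notes 2008.txt",
]

if __name__ == "__main__":
    ok, bad = plan_downloads(r"C:\Downloads", SAMPLE_MLSD)
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejected entries are worth logging with the server address, since a listing that contains path separators is a strong sign of a hostile or compromised server.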


Upgrade to 3D-FTP version 8.0.2 or later.


Plugin Details

Severity: High

ID: 33218

File Name: 3dftp_dir_traversal.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2008/06/18

Modified: 2016/05/04

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 7.6

Temporal Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2008-2822

BID: 29749

OSVDB: 46155

Secunia: 30651

CWE: 22