Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Serv-U < 2.5i CD Command Traversal Directory / File Access

Medium

Synopsis

The remote host is vulnerable to a flaw which allows attackers to retrieve sensitive files or data.

Description

It is possible to break out of the remote FTP chroot by appending %20s in the CWD command, as in : CWD %20.. This problem allows an attacker to browse the entire remote file system.

Solution

Upgrade to Serv-U 2.5i or higher.