Vulners
Lucene search
Platinum FTP Server
🗓️ 03 Nov 2005 00:00:00Reported by This script is Copyright (C) 2003 Douglas MinderhoutType 
openvas🔗 plugins.openvas.org👁 8 Views
# OpenVAS Vulnerability Test
# $Id: platinum_ftp.nasl 6053 2017-05-01 09:02:51Z teissa $
# Description: Platinum FTP Server
#
# Authors:
# Douglas Minderhout <[email protected]>
# Based on a previous script written by Renaud Deraison <[email protected]>
#
# Copyright:
# Copyright (C) 2003 Douglas Minderhout
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
tag_summary = "Platinum FTP server for Win32 has several vulnerabilities in
the way it checks the format of command strings passed to it.
This leads to the following vulnerabilities in the server:
The 'dir' command can be used to examine the filesystem of the machine and
gather further information about the host by using relative directory listings
(I.E. '../../../' or '\..\..\..').
The 'delete' command can be used to delete any file on the server that the
Platinum FTP server has permissions to.
Issuing the command 'cd @/..@/..' will cause the
Platinum FTP server to crash and consume all available CPU time on
the server.
*** Warning : OpenVAS solely relied on the banner of this server, so
*** this may be a false positive";
tag_solution = "see http://www.platinumftp.com/platinumftpserver.php";
# Thanks to: H D Moore
# Ref:
# Message-ID: <[email protected]>
# Date: Mon, 27 Jan 2003 08:01:52 +0100
# Subject: [VulnWatch] Multiple vulnerabilities found in PlatinumFTPserver V1.0.7
if(description){
script_id(11200);
script_version("$Revision: 6053 $");
script_tag(name:"last_modification", value:"$Date: 2017-05-01 11:02:51 +0200 (Mon, 01 May 2017) $");
script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
name = "Platinum FTP Server";
script_name(name);
script_category(ACT_GATHER_INFO);
script_tag(name:"qod_type", value:"remote_banner");
script_family("FTP");
script_copyright("This script is Copyright (C) 2003 Douglas Minderhout");
script_dependencies("find_service.nasl");
script_require_ports("Services/ftp", 21);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
#
# The script code starts here :
#
include("ftp_func.inc");
port = get_kb_item("Services/ftp");
if(!port)port = 21;
if(!get_port_state(port)) exit(0);
banner = get_ftp_banner(port: port);
if(banner) {
if(egrep(pattern:"^220.*PlatinumFTPserver V1\.0\.[0-7][^0-9].*$",string:banner)) {
security_message(port);
}
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 May 2017 00:00Current
0.2Low risk
Vulners AI Score0.2