ID OPENVAS:801626 Type openvas Reporter Copyright (C) 2010 Greenbone Networks GmbH Modified 2017-02-20T00:00:00
Description
This host is installed with Robo-FTP and is prone to directory
traversal vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_robo_ftp_client_dir_trav_vuln.nasl 5373 2017-02-20 16:27:48Z teissa $
#
# Robo-FTP Directory Traversal Vulnerability
#
# Authors:
# Sooraj KS <kssooraj@secpod.com>
#
# Copyright:
# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will allow attacker to download or upload arbitrary
files. This may aid in further attacks.
Impact Level: Application";
tag_affected = "Robo-FTP versions prior to 3.7.5.";
tag_insight = "This flaw is due to an input validation error when downloading
directories containing files with directory traversal specifiers in the
filename. This can be exploited to download files to an arbitrary location
on a user's system.";
tag_solution = "Upgrade to Robo-FTP version 3.7.5 or later,
For updates refer to http://www.robo-ftp.com/download/";
tag_summary = "This host is installed with Robo-FTP and is prone to directory
traversal vulnerability.";
if(description)
{
script_id(801626);
script_version("$Revision: 5373 $");
script_tag(name:"last_modification", value:"$Date: 2017-02-20 17:27:48 +0100 (Mon, 20 Feb 2017) $");
script_tag(name:"creation_date", value:"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)");
script_bugtraq_id(44073);
script_cve_id("CVE-2010-4095");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_name("Robo-FTP Directory Traversal Vulnerability");
script_xref(name : "URL" , value : "http://secunia.com/advisories/41809");
script_xref(name : "URL" , value : "http://xforce.iss.net/xforce/xfdb/62548");
script_xref(name : "URL" , value : "http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html");
script_tag(name:"qod_type", value:"executable_version");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2010 Greenbone Networks GmbH");
script_family("General");
script_dependencies("gb_robo_ftp_client_detect.nasl");
script_require_keys("Robo/FTP/Ver");
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
exit(0);
}
include("version_func.inc");
## Get version from KB
roboVer = get_kb_item("Robo/FTP/Ver");
if(roboVer != NULL)
{
## Grep for Robo-FTP versions prior to 3.7.5
if(version_is_less(version:roboVer, test_version:"3.7.5") ){
security_message(0);
}
}
{"id": "OPENVAS:801626", "type": "openvas", "bulletinFamily": "scanner", "title": "Robo-FTP Directory Traversal Vulnerability", "description": "This host is installed with Robo-FTP and is prone to directory\n traversal vulnerability.", "published": "2010-11-16T00:00:00", "modified": "2017-02-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=801626", "reporter": "Copyright (C) 2010 Greenbone Networks GmbH", "references": ["http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html", "http://xforce.iss.net/xforce/xfdb/62548", "http://secunia.com/advisories/41809"], "cvelist": ["CVE-2010-4095"], "lastseen": "2017-07-02T21:10:04", "viewCount": 0, "enchantments": {"score": {"value": 6.6, "vector": "NONE", "modified": "2017-07-02T21:10:04", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-4095"]}, {"type": "htbridge", "idList": ["HTB22627"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310801626"]}], "modified": "2017-07-02T21:10:04", "rev": 2}, "vulnersScore": 6.6}, "pluginID": "801626", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_robo_ftp_client_dir_trav_vuln.nasl 5373 2017-02-20 16:27:48Z teissa $\n#\n# Robo-FTP Directory Traversal Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will allow attacker to download or upload arbitrary\n files. This may aid in further attacks.\n Impact Level: Application\";\ntag_affected = \"Robo-FTP versions prior to 3.7.5.\";\ntag_insight = \"This flaw is due to an input validation error when downloading\n directories containing files with directory traversal specifiers in the\n filename. This can be exploited to download files to an arbitrary location\n on a user's system.\";\ntag_solution = \"Upgrade to Robo-FTP version 3.7.5 or later,\n For updates refer to http://www.robo-ftp.com/download/\";\ntag_summary = \"This host is installed with Robo-FTP and is prone to directory\n traversal vulnerability.\";\n\nif(description)\n{\n script_id(801626);\n script_version(\"$Revision: 5373 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 17:27:48 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44073);\n script_cve_id(\"CVE-2010-4095\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Robo-FTP Directory Traversal Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/41809\");\n script_xref(name : \"URL\" , value : \"http://xforce.iss.net/xforce/xfdb/62548\");\n script_xref(name : \"URL\" , value : \"http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_robo_ftp_client_detect.nasl\");\n script_require_keys(\"Robo/FTP/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\n## Get version from KB\nroboVer = get_kb_item(\"Robo/FTP/Ver\");\n\nif(roboVer != NULL)\n{\n ## Grep for Robo-FTP versions prior to 3.7.5\n if(version_is_less(version:roboVer, test_version:\"3.7.5\") ){\n security_message(0);\n }\n}\n", "naslFamily": "General", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T05:45:04", "description": "Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response.", "edition": 4, "cvss3": {}, "published": "2010-10-26T20:00:00", "title": "CVE-2010-4095", "type": "cve", "cwe": ["CWE-22"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-4095"], "modified": "2018-10-10T20:07:00", "cpe": ["cpe:/a:robo-ftp:robo-ftp:3.7.3", "cpe:/a:robo-ftp:robo-ftp:3.7.4"], "id": "CVE-2010-4095", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-4095", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:robo-ftp:robo-ftp:3.7.3:*:*:*:*:*:*:*", "cpe:2.3:a:robo-ftp:robo-ftp:3.7.4:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-27T19:23:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-4095"], "description": "This host is installed with Robo-FTP and is prone to directory\n traversal vulnerability.", "modified": "2020-04-23T00:00:00", "published": "2010-11-16T00:00:00", "id": "OPENVAS:1361412562310801626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801626", "type": "openvas", "title": "Robo-FTP Directory Traversal Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Robo-FTP Directory Traversal Vulnerability\n#\n# Authors:\n# Sooraj KS <kssooraj@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801626\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-11-16 10:37:01 +0100 (Tue, 16 Nov 2010)\");\n script_bugtraq_id(44073);\n script_cve_id(\"CVE-2010-4095\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_name(\"Robo-FTP Directory Traversal Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/41809\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/62548\");\n script_xref(name:\"URL\", value:\"http://www.htbridge.ch/advisory/directory_traversal_vulnerability_in_robo_ftp.html\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_robo_ftp_client_detect.nasl\");\n script_mandatory_keys(\"Robo/FTP/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to download or upload arbitrary\n files. This may aid in further attacks.\");\n script_tag(name:\"affected\", value:\"Robo-FTP versions prior to 3.7.5.\");\n script_tag(name:\"insight\", value:\"This flaw is due to an input validation error when downloading\n directories containing files with directory traversal specifiers in the\n filename. This can be exploited to download files to an arbitrary location\n on a user's system.\");\n script_tag(name:\"solution\", value:\"Upgrade to Robo-FTP version 3.7.5 or later.\");\n script_tag(name:\"summary\", value:\"This host is installed with Robo-FTP and is prone to directory\n traversal vulnerability.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.robo-ftp.com/download/\");\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\nroboVer = get_kb_item(\"Robo/FTP/Ver\");\n\nif(roboVer != NULL)\n{\n if(version_is_less(version:roboVer, test_version:\"3.7.5\") ){\n report = report_fixed_ver(installed_version:roboVer, fixed_version:\"3.7.5\");\n security_message(port: 0, data: report);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "htbridge": [{"lastseen": "2020-12-24T11:29:35", "bulletinFamily": "software", "cvelist": ["CVE-2010-4095"], "description": "High-Tech Bridge SA Security Research Lab has discovered vulnerability in Robo-FTP which could be exploited to execute arbitrary code on vulnerable system. \n \n1) Directory Traversal Vulnerability in Robo-FTP: CVE-2010-4095 \nThe vulnerability exists due to insufficient sanitation of the downloaded filename. A remote attacker controlling an FTP server can trick user into downloading file with specially crafted filename, containing directory traversal sequences (e.g. \"..\\\\..\\\\..\\\\..\\\\..\\\\..\\\\..\\somefile.exe\") and write it into arbitrary locations on the target system. Successful exploitation might allow remote code execution but requires that victim uses Robo-FTP to connect to the FTP server and download a malicious file. \n\n", "modified": "2010-10-06T00:00:00", "published": "2010-09-27T00:00:00", "id": "HTB22627", "href": "https://www.htbridge.com/advisory/HTB22627", "type": "htbridge", "title": "Directory Traversal Vulnerability in Robo-FTP", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C/"}}]}
