Golden FTP Server Pro Nonexistant File Request Path Disclosure

2005-07-01T04:28:47
ID OSVDB:17679
Type osvdb
Reporter Lachlan. H(pseudonym_oky@ahoo.com)
Modified 2005-07-01T04:28:47

Description

Vulnerability Description

Golden FTP Server Pro contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by changing to a share directory and then attempting to retrieve a non-existant file, which will disclose the absolute path of a share resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Golden FTP Server Pro contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by changing to a share directory and then attempting to retrieve a non-existant file, which will disclose the absolute path of a share resulting in a loss of confidentiality.

References:

Vendor URL: http://www.goldenftpserver.com/ Security Tracker: 1014354 Secunia Advisory ID:15840 Related OSVDB ID: 17678 Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=111530871716145&w=2 ISS X-Force ID: 20674 CVE-2005-1485