Pablo FTP Server Arbitrary Directory Listing

2002-07-22T00:00:00
ID OSVDB:4995
Type osvdb
Reporter Arnaud Jacques (webmaster@securiteinfo.com)
Modified 2002-07-22T00:00:00

Description

Vulnerability Description

Pablo Software Solutions Quick and Easy FTP Server contains a flaw that allows a remote attacker to view directories outside of the web path. The issue is caused by the program failing to sanitize user input properly, specifically traversal-style sequences (../../) supplied directly via the LIST command.
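The flaw class described above arises when a LIST argument is joined to the share root without being normalized first. The following is an added example, not the vendor's code: the function names, the Windows-host treatment of "\" and ":", and the choice to reject rather than clamp ".." at the root are assumptions. It shows the containment check a LIST handler needs, applied once on the virtual path and again after symlink resolution.

```python
import os


class PathEscape(ValueError):
    """Client-supplied path resolves outside the FTP root."""


def resolve_virtual(cwd, arg):
    """Normalize a LIST argument against the session's virtual cwd.

    Returns an absolute virtual path such as "/pub/docs". Any ".." that
    would climb above "/" is rejected instead of being silently clamped.
    """
    if "\x00" in arg or ":" in arg:
        # NUL truncation, drive letters ("C:") and NTFS streams ("f:s")
        raise PathEscape("forbidden character in path")
    arg = arg.replace("\\", "/")  # fold Windows separators before parsing
    stack = [] if arg.startswith("/") else [p for p in cwd.split("/") if p]
    for part in arg.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            if not stack:
                raise PathEscape("path climbs above the FTP root")
            stack.pop()
        else:
            stack.append(part)
    return "/" + "/".join(stack)


def local_path(root, cwd, arg):
    """Map a LIST argument to a filesystem path guaranteed to be under root."""
    virtual = resolve_virtual(cwd, arg)
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, *virtual.split("/")))
    # Second check after symlink resolution: containment, not string prefix
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise PathEscape("resolved path is outside the FTP root")
    return candidate
```

A handler would answer a PathEscape with a 550 reply and log the raw argument, since repeated ".." arguments to LIST are a useful detection signal.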

Solution Description

Upgrade to version 1.0 Build 010 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://www.pablovandermeer.nl/ftp_server.html
Mail List Post: http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html
Keyword: Directory Traversal
ISS X-Force ID: 9647
CVE-2002-1054
Bugtraq ID: 5283