Xlight FTP Server 3.5.5 Directory Traversal

2010-07-07T00:00:00
ID PACKETSTORM:91562
Type packetstorm
Reporter accensussecurity.com
Modified 2010-07-07T00:00:00

Description

                                        
`Accensus Security Group Vulnerability Advisory [L-03]  
Date: 7/5/2010  
  
Vendor: http://www.xlightftpd.com/  
  
Affected Software: Xlight FTP Server 3.5.5  
  
Description of Vulnerability:  
The SFTP server contains directory traversal vulnerabilities in several commands: get, ls, rm, rename, etc. For example, get ../../../../boot.ini will grab c:\boot.ini  
  
Severity: Medium  
  
Local / Remote: Local  
  
Timeline:  
Vendor informed 7/2, fix released 7/4  
  
www.accensussecurity.com  
`
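
The following is an added example, not code from the advisory or from Xlight: a sketch of the server-side check that keeps get, ls, rm and rename inside a user's home directory by resolving each client path against the root before touching the filesystem. The root `C:\ftproot\alice` and the names `resolve_in_root`, `authorize`, `is_confined` and `PathEscape` are assumptions made for illustration.

```python
import ntpath  # Windows path rules, importable on any OS

ROOT = r"C:\ftproot\alice"  # constructed home directory for the example


class PathEscape(Exception):
    """The client-supplied path resolves outside the user's home directory."""


def resolve_in_root(root: str, client_path: str) -> str:
    """Map an SFTP path onto the Windows filesystem, confined to root.

    Lexical check only: a real server must also resolve links and
    junctions on disk before trusting the result.
    """
    if "\x00" in client_path:
        raise PathEscape("NUL byte in path")
    # SFTP uses '/', but Windows accepts '\' as a separator too.
    # A leading separator means "top of the virtual root", not the drive root.
    rest = client_path.replace("/", "\\").lstrip("\\")
    if ntpath.splitdrive(rest)[0]:  # "C:..." would replace the root on join
        raise PathEscape(f"drive prefix in {client_path!r}")
    root_n = ntpath.normpath(root)
    candidate = ntpath.normpath(ntpath.join(root_n, rest))
    r, c = ntpath.normcase(root_n), ntpath.normcase(candidate)
    # Compare whole components so C:\ftproot\alice2 does not pass as a
    # child of C:\ftproot\alice.
    if c != r and not c.startswith(r.rstrip("\\") + "\\"):
        raise PathEscape(f"{client_path!r} resolves to {candidate!r}")
    return candidate


def authorize(root: str, op: str, *paths: str) -> list:
    """Resolve every path argument of a request (rename has two) or raise."""
    expected = {"get": 1, "ls": 1, "rm": 1, "rename": 2}
    if expected.get(op) != len(paths):
        raise ValueError(f"bad request: {op} {paths!r}")
    return [resolve_in_root(root, p) for p in paths]


def is_confined(root: str, client_path: str) -> bool:
    """True if client_path stays inside root, False if it would escape."""
    try:
        resolve_in_root(root, client_path)
        return True
    except PathEscape:
        return False
```

The containment comparison runs on the fully normalized path, after the join, so it holds regardless of how many `..` components or which separator the client sends.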