3D FTP Client Directory Traversal Vulnerability Network Vulnerability

Summary

This host is installed with 3D FTP Client and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow attackers to write files into a user's Startup folder to execute malicious code when the user logs on. Impact Level: Application.

Solution

Upgrade to version 9.03 or later, For updates refer to http://3dftp.com/download_3dftp.htm

Insight

The flaw exists due to an error in handling of certain crafted file names. It does not properly sanitise filenames containing directory traversal sequences that are received from an FTP server.

Affected

3D FTP Client 9.0 build 2 (9.0.2) and prior.

References

http://osdir.com/ml/bugtraq.security/2010-08/msg00226.html
http://seclists.org/bugtraq/2010/Aug/227
http://vuln.sg/3dftp801-en.html
http://www.htbridge.ch/advisory/directory_traversal_in_3d_ftp_client.html
http://www.securityfocus.com/archive/1/513244

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3102
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

3D FTP Client Directory Traversal Vulnerability
pyftpdlib FTP Server Multiple Vulnerabilities
PCMAN FTP Server STOR Command Buffer Overflow vulnerability
EFTP tells if a given file exists
Golden FTP PASS Command Buffer Overflow Vulnerability

Take action and discover your vulnerabilities