FFFTP LIST Command Directory Traversal Vulnerability Network Vulnerability

Summary

This host is installed with FFFTP Client and is prone to directory traversal vulnerability.

Impact

Successful exploitation will allow remote attackers to create or overwrite arbitrary files on a vulnerable system by tricking a user into downloading a directory containing files. Impact Level: System

Solution

Upgrade to version 1.96d or later from, http://www2.biglobe.ne.jp/~sota/ffftp-e.html

Insight

The flaw is due to input validation error when processing FTP responses to a LIST command with a filename and is followed by ../ (dot dot forward-slash).

Affected

FFFTP version 1.96b and prior on Windows.

References

http://secunia.com/advisories/30428/
http://www.vupen.com/english/advisories/2008/1708/references

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-6424
CVSS Base Score: 8.8
AV:N/AC:M/Au:N/C:N/I:C/A:C

Related Vulnerabilities

Serv-U Multiple Security Vulnerabilities
ProFTPD Multiple Remote Vulnerabilities
ActFax FTP Server Post Auth 'RETR' Command Denial of Service Vulnerability
Open-FTPD Multiple Buffer Overflow Vulnerabilities
Serv-U Web Client HTTP Request Remote Buffer Overflow Vulnerability

Take action and discover your vulnerabilities