Summary
This host has the FFFTP client installed and is prone to a directory traversal vulnerability.
Impact
Successful exploitation will allow remote attackers to create or overwrite arbitrary files on a vulnerable system by tricking a user into downloading a directory containing files.
Impact Level: System
Solution
Upgrade to version 1.96d or later, available from:
http://www2.biglobe.ne.jp/~sota/ffftp-e.html
Insight
The flaw is due to an input validation error when processing responses to an FTP LIST command that contain a filename followed by ../ (dot dot forward-slash).
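A client-side check for the flaw described above, as an added example (not FFFTP's code or its fix): each name taken from a LIST response is treated as a single directory member and refused if it carries path syntax. The Unix-style listing format, the sample lines, the download root and the function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Constructed LIST response (Unix "ls -l" style); not captured from a real server.
SAMPLE_LIST = [
    "-rw-r--r-- 1 ftp ftp  120 Jan 01 2008 readme.txt",
    "-rw-r--r-- 1 ftp ftp  512 Jan 01 2008 ../../outside.txt",
    "-rw-r--r-- 1 ftp ftp  512 Jan 01 2008 ..\\..\\outside.txt",
    "-rw-r--r-- 1 ftp ftp  512 Jan 01 2008 C:\\outside.txt",
    "-rw-r--r-- 1 ftp ftp   64 Jan 01 2008 notes 2008.txt",
]


def listed_name(line):
    """Return the name field of a Unix-style LIST line (9th field onward)."""
    parts = line.split(None, 8)
    return parts[8] if len(parts) == 9 else None


def safe_local_path(download_root, name):
    """Map a server-supplied name to a path under download_root, or None."""
    # A LIST entry names one directory member, so anything path-like is refused:
    # separators (both kinds, since the client runs on Windows), drive or
    # stream colons, NUL bytes, and the special names "." and "..".
    if not name or name in (".", "..") or any(c in name for c in "/\\:\0"):
        return None
    root = ntpath.normpath(download_root)
    candidate = ntpath.normpath(ntpath.join(root, name))
    # Defence in depth: the resolved path must still sit below the root.
    if candidate == root or ntpath.commonpath([root, candidate]) != root:
        return None
    return candidate


def plan_downloads(download_root, list_lines):
    """Split a listing into {name: local_path} to fetch and names to refuse."""
    accepted, rejected = {}, []
    for line in list_lines:
        name = listed_name(line)
        path = safe_local_path(download_root, name) if name else None
        if path:
            accepted[name] = path
        else:
            rejected.append(name if name is not None else line)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = plan_downloads(r"C:\Users\alice\Downloads", SAMPLE_LIST)
    print("fetch:", ok)
    print("refused:", bad)
```

Refused names are worth logging with the server address, since a listing that contains path syntax is a sign of a hostile or compromised server.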
Affected
FFFTP version 1.96b and prior on Windows.
Severity
Classification
CVE: CVE-2008-6424
CVSS Base Score: 8.8
AV:N/AC:M/Au:N/C:N/I:C/A:C