CERT/CC Vulnerability Note VU#771771

Overview

Shambala FTP server has a directory traversal vulnerability in its handling of the CWD command.

Description

Shambala FTP server contains a directory traversal vulnerability in its handling of the CWD command. Attackers may exploit this vulnerability to read directories and files outside of the FTP root directory.

Impact

Remote attackers with FTP accounts may read directories and files outside of the FTP root directory.

Solution

The CERT/CC is currently unaware of a practical solution to this problem.

Vendor Information

771771

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Evolvable Affected

Updated: September 25, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

http://securitytracker.com/alerts/2001/Jun/1001698.html

Acknowledgements

Thanks to alt3kx! for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs:	None
Severity Metric:	2.07
Date Public:	2001-06-07
Date First Published:	2002-09-27
Date Last Updated:	2002-09-27 16:08 UTC
Document Revision:	4

Software Engineering Institute

CERT Coordination Center

Shambala FTP Server does not adequately validate user input thereby allowing directory traversal

Vulnerability Note VU#771771

Overview

Description

Impact

Solution

Vendor Information

Evolvable Affected

Status

Vendor Statement

Vendor Information

Addendum

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC