Conxint FTP Multiple Directory Traversal Vulnerabilities
BID:21081
Info
Conxint FTP Multiple Directory Traversal Vulnerabilities
| Bugtraq ID: | 21081 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-5947 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2006 12:00AM |
| Updated: | Jul 06 2016 02:40PM |
| Credit: | Greg Linares is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Conxint FTP 2.2.603 |
| Not Vulnerable: | |
Discussion
Conxint FTP Multiple Directory Traversal Vulnerabilities
Conxint is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow a remote attacker to access any file on the affected webserver.
Version 2.2.0603 is vulnerable to this issue; other versions may also be affected.
Conxint is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Exploiting these issues may allow a remote attacker to access any file on the affected webserver.
Version 2.2.0603 is vulnerable to this issue; other versions may also be affected.
Exploit / POC
Conxint FTP Multiple Directory Traversal Vulnerabilities
An attacker can exploit these issues using an FTP client.
The following proof of concept is available:
dir \..\..\..\windows\
An attacker can exploit these issues using an FTP client.
The following proof of concept is available:
dir \..\..\..\windows\
Solution / Fix
Conxint FTP Multiple Directory Traversal Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].