AceFTP 'LIST' Command Directory Traversal Vulnerability
BID:29989
Info
AceFTP 'LIST' Command Directory Traversal Vulnerability
| Bugtraq ID: | 29989 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-5175 |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 27 2008 12:00AM |
| Updated: | Nov 20 2008 09:03PM |
| Credit: | Tan Chew Keong |
| Vulnerable: |
Visicom Media AceFTP Pro 3.80.3 Visicom Media AceFTP Freeware 3.80.3 |
| Not Vulnerable: | |
Discussion
AceFTP 'LIST' Command Directory Traversal Vulnerability
AceFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.
AceFTP Freeware 3.80.3 and AceFTP Freeware 3.80.3 are vulnerable; other versions may also be affected.
AceFTP is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input.
Exploiting this issue allows an attacker to write arbitrary files to locations outside of the application's current directory. This could help the attacker launch further attacks.
AceFTP Freeware 3.80.3 and AceFTP Freeware 3.80.3 are vulnerable; other versions may also be affected.
Exploit / POC
AceFTP 'LIST' Command Directory Traversal Vulnerability
An attacker can exploit this issue by enticing an unsuspecting victim to connect to a malicious server.
The following proof of concept is available:
Response to LIST:
/../../../../../../../../../testfile.txt\r\n
An attacker can exploit this issue by enticing an unsuspecting victim to connect to a malicious server.
The following proof of concept is available:
Response to LIST:
/../../../../../../../../../testfile.txt\r\n
Solution / Fix
AceFTP 'LIST' Command Directory Traversal Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
AceFTP 'LIST' Command Directory Traversal Vulnerability
References:
References:
- Visicom Media Ace-FTP Homepage (Visicom Media)
- AceFTP FTP-Client Directory Traversal Vulnerability (vuln.sg)