CompleteFTP Directory Traversal Vulnerability

Bugtraq ID:	39802
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Apr 29 2010 12:00AM
Updated:	Apr 29 2010 12:00AM
Credit:	zombiefx
Vulnerable:	Enterprise Distributed Technologies CompleteFTP 3.3
Not Vulnerable:

CompleteFTP Directory Traversal Vulnerability

CompleteFTP is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to download arbitrary files outside of the FTP server root directory. This may aid in further attacks.

CompleteFTP 3.3.0 is vulnerable; other versions may also be affected.

CompleteFTP Directory Traversal Vulnerability

Attackers can use readily available tools and commands to exploit this issue.

CompleteFTP Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

CompleteFTP Directory Traversal Vulnerability

References:

• CompleteFTP - Homepage (Enterprise Distributed Technologies)