BID:39919

VicFTPS Directory Traversal Vulnerability

Info

VicFTPS Directory Traversal Vulnerability

Bugtraq ID:	39919
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	May 04 2010 12:00AM
Updated:	May 04 2010 12:00AM
Credit:	chr1x
Vulnerable:	Aidas Sabaliauskas VicFTPS 5.0

Not Vulnerable:

Discussion

VicFTPS Directory Traversal Vulnerability

VicFTPS is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

Exploiting this issue can allow an attacker to download arbitrary files outside of the FTP server root directory. This may aid in further attacks.

VicFTPS (Victory FTP Server) 5.0 is vulnerable; other versions may also be affected.

Exploit / POC

VicFTPS Directory Traversal Vulnerability

Attackers can use readily available tools and commands to exploit this issue.

Solution / Fix

VicFTPS Directory Traversal Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

VicFTPS Directory Traversal Vulnerability

References:

VicFTPS - Homepage (Aidas Sabaliauskas)