zFTPServer 'rmdir' Command Directory Traversal Vulnerability

Bugtraq ID:	51018
Class:	Input Validation Error
CVE:	CVE-2011-4717
Remote:	Yes
Local:	No
Published:	Dec 12 2011 12:00AM
Updated:	Dec 12 2011 12:00AM
Credit:	Stefan Schurtz
Vulnerable:	Västgöta-Data zFTPServer 6.0.0.52
Not Vulnerable:

zFTPServer 'rmdir' Command Directory Traversal Vulnerability

zFTPServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this vulnerability to delete directories in the context of the webserver process, which may aid in further attacks.

zFTPServer 6.0.0.52 is vulnerable; prior versions may also be affected.

zFTPServer 'rmdir' Command Directory Traversal Vulnerability

Attackers can exploit this issue through a browser.

zFTPServer 'rmdir' Command Directory Traversal Vulnerability

Solution:
Reportedly this issue has been fixed. Contact the vendor for more information.

zFTPServer 'rmdir' Command Directory Traversal Vulnerability

References:

• zftpserver Homepage (zftpserver)
  
• zFTPServer Suite 6.0.0.52 'rmdir' Directory Traversal (Stefan Schurtz)