CVE-2000-0565

Name of the Vulnerable Software and Affected Versions SmartFTP Daemon version 0.2

Description The issue allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.

Recommendations For SmartFTP Daemon version 0.2, consider restricting access to the configuration file upload feature to prevent exploitation. As a temporary workaround, limit the ability of local users to upload and specify alternate configuration files until a patch is available.