CVE-2008-2702

Name of the Vulnerable Software and Affected Versions ALFTP versions 4.1 beta 2 through 5.0

Description A directory traversal issue in the FTP client allows remote FTP servers to create or overwrite arbitrary files by including a .. (dot dot) in a response to a LIST command. This can potentially be leveraged for code execution by writing to a Startup folder.

Recommendations For versions 4.1 beta 2 through 5.0, consider disabling the FTP client functionality until a patch is available to prevent potential exploitation. Restrict access to sensitive folders, such as Startup folders, to minimize the risk of arbitrary file creation or overwrite. Avoid using the affected FTP client to connect to untrusted FTP servers. At the moment, there is no information about a newer version that contains a fix for this vulnerability.