PT-2001-1140 · Texas Imperial · Wftpd

Published

2001-01-09

Updated

2008-09-05

CVE-2000-1101

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions WFTPD versions 2.41 and 3.00

Description A directory traversal issue allows local users to escape the home directory by using a "/../" string, which is a variation of the .. (dot dot) attack, when the "Restrict to home directory" option is enabled.

Recommendations For WFTPD version 2.41, disable the "Restrict to home directory" option or restrict access to the FTP server until a fix is available. For WFTPD version 3.00, consider disabling the FTP server functionality or limiting user access to prevent exploitation of the directory traversal issue until a patch is released.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-1101

Affected Products

Wftpd

PT-2001-1140 · Texas Imperial · Wftpd

CVE-2000-1101

Related Identifiers

Affected Products

References · 4