PT-2001-1702 · Raidenftpd · Raidenftpd Server

Published

2001-05-24

Updated

2017-12-19

CVE-2001-0491

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions RaidenFTPD Server version 2.1 before build 952

Description The issue allows attackers to access files outside the ftp root via dot dot attacks. This can be achieved through various means, such as using .... in the CWD command, .. in the NLST command, or ... in the NLST command.

Recommendations For RaidenFTPD Server version 2.1 before build 952, update to build 952 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories outside the ftp root to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2001-0491

Affected Products

Raidenftpd Server

PT-2001-1702 · Raidenftpd · Raidenftpd Server

CVE-2001-0491

Related Identifiers

Affected Products

References · 5