PT-2003-2325 · Bisonftp · Bisonftp Server

Published

2003-12-31

Updated

2017-07-29

CVE-2003-1380

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BisonFTP Server version 4 release 2

Description The issue allows remote attackers to list directories and files above the root directory. This can be achieved by using specific commands, such as ls @../ to list directories above the root, or mget @../FILE to list files above the root.

Recommendations For BisonFTP Server version 4 release 2, consider restricting access to the ls and mget commands until a patch is available. As a temporary workaround, limit the ability of remote attackers to traverse directories above the root.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2003-1380

Affected Products

Bisonftp Server

PT-2003-2325 · Bisonftp · Bisonftp Server

CVE-2003-1380

Weakness Enumeration

Related Identifiers

Affected Products

References · 4