Title: Gene 6 BPFTP Server Path Disclosure Vulnerability
Severity: MODERATE
Description:
G6 FTP Server now known as BPFTP Server is an internet FTP server by Gene6
BPFTP Server has a flaw which can permit a remote user to learn the physcial path to the FTP service's root directory.
By submitting the FTP command 'dele' argumented by an ':' character and a arbitrary filename, the attacker can cause an error message to be generated by BPFTP which includes the path for the ftp root.
It has been reported that the 'Show Relative Path' option must be disabled in order to successfully exploit this issue.
Properly exploited, this information could assist a hostile user in carrying out other attacks on the system.
Affected Products:
- Gene6 BPFTP Server 2.0.0
References:
- Gene6: BPFTP Server Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
