J-Security Center

Title: WFTPD 3.00 R5 Directory Traversal Vulnerability

Severity: HIGH

Description:

WFTPD is an FTP server developed by Texas Imperial Software for Windows systems.

Version 3.00 R5 for Windows 95/98 and Me systems contains a directory traversal vulnerability. FTP users can CD into directories outside of the FTP root tree by sending a request for the ".../" directory. Once outside of the FTP root directory, users can browse the filesystem and even download arbitrary files. This may disclose sensitive information to an attacker and aid in further attacks against the server and network.

It has been reported that users may also be able to write to the filesystem.

If users can upload files outside of the FTP root directory, it may be possible to compromise the system by overwriting critical system files with malicious replacements.
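One way a server can refuse the ".../" request described above is to canonicalise every client path in a virtual namespace before it touches the filesystem. This is an added example, not WFTPD code or the vendor's fix; the names `resolve_virtual_path`, `is_allowed` and `TraversalRejected` are hypothetical, and it assumes the platform may give dot-only names a parent-directory meaning.

```python
import re

# Any other component made only of dots (optionally with trailing spaces),
# e.g. "...", "....", ".. ". Assumption: the OS may resolve such names to
# ancestor directories, so they must never reach the filesystem layer.
_DOT_RUN = re.compile(r"^\.+ *$")
_SEPARATORS = re.compile(r"[\\/]+")
_DRIVE = re.compile(r"^[A-Za-z]:")


class TraversalRejected(ValueError):
    """Raised when a client path would leave the FTP root."""


def resolve_virtual_path(cwd: str, arg: str) -> str:
    """Canonicalise a CWD/RETR/STOR argument against the session's virtual cwd.

    Returns a "/"-rooted virtual path; only this result is later joined to
    the real FTP root directory.
    """
    if "\x00" in arg:
        raise TraversalRejected("NUL byte in path")
    if _DRIVE.match(arg):
        raise TraversalRejected("drive-qualified path")
    # Absolute arguments restart from the virtual root, relative ones from cwd.
    absolute = arg[:1] in ("/", "\\")
    parts = [] if absolute else [p for p in cwd.split("/") if p]
    for comp in _SEPARATORS.split(arg):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                raise TraversalRejected("'..' above the FTP root")
            parts.pop()
        elif _DOT_RUN.match(comp):
            raise TraversalRejected(f"dot-run component {comp!r}")
        else:
            parts.append(comp)
    return "/" + "/".join(parts)


def is_allowed(cwd: str, arg: str) -> bool:
    """True when the argument resolves to a path inside the virtual root."""
    try:
        resolve_virtual_path(cwd, arg)
    except TraversalRejected:
        return False
    return True
```

Because uploads go through the same resolver as CWD and downloads, the write case mentioned above is covered by the same check.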

Affected Products:

  • Texas Imperial Software WFTPD 3.0.00R5
