J-Security Center

Title: CesarFTP Directory Traversal Vulnerability

Severity: HIGH

Description:

CesarFTP is a freely available FTP Server for Microsoft Windows 9x/ME systems.

CesarFTP on Windows 98/Me platforms contains a 'directory traversal' vulnerability. CesarFTP can map directories on the filesystem to 'virtual directories' in the FTP root tree that FTP users can access. This mapping is intended to protect the filesystem outside the FTP root from possibly malicious users.

If a user requests to change directories to "..." from within one of these mapped directories, they will change into the directory above the 'real' directory on the filesystem. At this point they can traverse the filesystem and will have read access to almost every file.

A user must already have an account on the server to take advantage of this vulnerability.

Note: This vulnerability only affects Windows 98/Me systems running CesarFTP.
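
Added example (not part of the original advisory and not CesarFTP code): one way a server can resolve a change-directory argument inside a mapped directory so that "..." and longer dot-only components are rejected before any path reaches the operating system. The mapping, directory names and function names are hypothetical.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample mapping (hypothetical names): virtual directory -> real directory.
MAPPINGS = {"/pub": r"C:\ftproot\pub"}


class TraversalError(ValueError):
    """Raised when a requested path would leave the mapped directory."""


def resolve(virtual_dir, requested, mappings=MAPPINGS):
    """Resolve a CWD argument issued inside virtual_dir to a real path."""
    root = PureWindowsPath(mappings[virtual_dir])
    stack = []  # components below the mapped root
    for raw in re.split(r"[\\/]+", requested):
        comp = raw.strip()
        if comp in ("", "."):
            continue
        if set(comp) == {"."}:
            if len(comp) > 2:
                # "..." and longer: never hand these to the OS path resolver.
                raise TraversalError(f"dot-only component rejected: {raw!r}")
            if not stack:
                raise TraversalError("'..' would leave the mapped directory")
            stack.pop()
            continue
        if ":" in comp:
            raise TraversalError(f"drive or stream syntax rejected: {raw!r}")
        stack.append(comp)
    return root.joinpath(*stack)


def try_resolve(requested):
    """Return the resolved path as a string, or the rejection reason."""
    try:
        return str(resolve("/pub", requested))
    except TraversalError as exc:
        return f"REJECTED: {exc}"


if __name__ == "__main__":
    for arg in ["docs", "docs/../img", "...", "docs/.../windows", "..", "docs\\....\\x"]:
        print(f"CWD {arg!r:22} -> {try_resolve(arg)}")
```

The resolver works on components and keeps its own depth counter, so containment does not depend on how the underlying platform interprets unusual dot sequences.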

Affected Products:

  • ACLogic CesarFTP 0.98.0 b
