FTP: Symbolic Link

This signature detects attempts to exploit a known vulnerability against NcFTPD. A successful attack can lead to information disclosure. Under NcFTPD, symbolic links are created with server privledges and not user, this behavior can lead to information disclosure of files.

Extended Description

NcFTPD is prone to a remote information-disclosure vulnerability. Remote attackers can exploit this issue to view sensitive information that may help in further attacks. NcFTPD 2.8.5 is vulnerable; other versions may also be affected.

Affected Products

Ncftp_software ncftpd

References

BugTraq: 35822

Short Name
FTP:COMMAND:SYMLINK
Severity
Minor
Recommended
False
Recommended Action
None
Category
FTP
Keywords
Link Symbolic bid:35822
Release Date
08/13/2009
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Ncftp_software

Found a potential security threat?