OSVDB ID: 17678

Title: Golden FTP Server Pro LS Command Traversal Information Disclosure

Dates

Disclosure: Jul 01, 2005
Discovery: Unknown
Exploit: Jul 01, 2005
Solution: Unknown

Description

Golden FTP Server Pro contains a flaw that may lead to unauthorized information disclosure. The issue is caused by an input validation error in the handling of the LS command. When a client changes directory to a share and then passes "\.." as an argument to the LS command, the server discloses the contents of the application directory (e.g. files with the names of valid users), resulting in a loss of confidentiality.
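The kind of containment check whose absence the description points to, as an added example that is not Golden FTP Server code: the listing argument is resolved against the share root under Windows path rules and rejected if it lands outside. The function name, exception name and the `C:\ftp\share` path are hypothetical and constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS


class PathEscapesShare(Exception):
    """The requested listing target lies outside the shared directory."""


def resolve_listing_path(share_root, cwd, arg):
    """Map an FTP listing argument to a path inside share_root, or raise.

    share_root: absolute Windows path of the share (constructed sample below)
    cwd:        the session's current FTP directory, e.g. "/" or "/pub"
    arg:        the raw argument sent with the listing command
    """
    root = ntpath.normcase(ntpath.normpath(share_root))
    if "\x00" in arg or ntpath.splitdrive(arg)[0]:
        # NUL bytes, drive letters ("D:\x") and UNC prefixes never belong here.
        raise PathEscapesShare(arg)
    # Clients may send either separator; a leading one means "share root",
    # never the root of the drive.
    unified = arg.replace("/", "\\")
    if unified.startswith("\\"):
        base = root
    else:
        base = ntpath.join(root, cwd.replace("/", "\\").lstrip("\\"))
    # Collapse ".." lexically, then require the result to be the root itself
    # or a path below it. Comparing against root + "\" stops a sibling such as
    # "share-data" from passing as a prefix match.
    candidate = ntpath.normcase(
        ntpath.normpath(ntpath.join(base, unified.lstrip("\\"))))
    if candidate != root and not candidate.startswith(root.rstrip("\\") + "\\"):
        raise PathEscapesShare(arg)
    return candidate


if __name__ == "__main__":
    root = r"C:\ftp\share"  # constructed sample path
    for arg in ["docs", "\\..", r"docs\..\..", r"..\share-data"]:
        try:
            print(repr(arg), "->", resolve_listing_path(root, "/", arg))
        except PathEscapesShare:
            print(repr(arg), "-> rejected")
```

The check is purely lexical; a server that allows junctions or symbolic links inside a share would also need to resolve the real path before comparing.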

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

KMiNT21 Software

Golden FTP Server

2.6

References

Credit

  • Lachlan. H


Direct URL: http://osvdb.org/36218