Monday, October 18, 2010

FreshFTP: Directory Traversal Vulnerability

Users of FreshFTP, please be advised of a Directory Traversal vulnerability that has been identified.

To view this vulnerability, possible remedies, and others, please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx).

Amplify’d from www.criticalwatch.com
HTB22628: [HTB22628] Directory Traversal Vulnerability in FreshFTP
Product: FreshFTP
Vulnerability Type: Directory Traversal Vulnerability
Vulnerability Details:

When exploited, this vulnerability allows an anonymous attacker to write files to specified locations on a user's system.



The FTP client does not properly sanitise filenames containing directory traversal sequences that are received from an FTP server, for example a file named as "..............somefile.exe".

By tricking a user into downloading a directory from a malicious FTP server that contains files with backslash directory traversal sequences in their filenames, an attacker can potentially write files into a user's Startup folder to execute malicious code when the user logs on.
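One way an FTP client can validate server-supplied names before writing them to disk, as an added example that is not taken from the advisory or from FreshFTP; the function names, the download folder and the sample listing are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any platform


class UnsafeRemoteName(ValueError):
    """A server-supplied file name that could escape the download folder."""


def safe_local_path(download_dir, remote_name):
    """Map one name from an FTP listing to a path directly inside download_dir."""
    # Windows drops trailing dots and spaces, so ".. " would behave like "..".
    if not remote_name.rstrip(". "):
        raise UnsafeRemoteName(repr(remote_name))
    # A single listing entry is one path component: no separators of either
    # kind, no drive or stream colon, no NUL byte.
    if any(ch in remote_name for ch in ("\\", "/", ":", "\x00")):
        raise UnsafeRemoteName(repr(remote_name))
    base = ntpath.normpath(download_dir)
    candidate = ntpath.normpath(ntpath.join(base, remote_name))
    # Defence in depth: the resolved parent must still be the download folder.
    if ntpath.normcase(ntpath.dirname(candidate)) != ntpath.normcase(base):
        raise UnsafeRemoteName(repr(remote_name))
    return candidate


def filter_listing(download_dir, names):
    """Split a directory listing into (accepted local paths, rejected names)."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(safe_local_path(download_dir, name))
        except UnsafeRemoteName:
            rejected.append(name)
    return accepted, rejected


# Constructed sample listing, as a hostile server might return it.
SAMPLE_LISTING = [
    "report.pdf",
    "..\\..\\Startup\\somefile.exe",   # backslash traversal
    "../../somefile.exe",              # forward-slash traversal
    "C:somefile.exe",                  # drive-relative name
    ".. ",                             # ".." after Windows trims the space
]

if __name__ == "__main__":
    ok, bad = filter_listing(r"C:\Users\alice\Downloads", SAMPLE_LISTING)
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejecting the name outright, rather than stripping the traversal sequences and continuing, avoids a cleaned-up name silently overwriting a legitimate file in the download folder.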
 
