TUCoPS :: HP Unsorted X :: b1a-1414.htm

SFTP Xlight FTPd Multiple Directory Traversal
Xlight FTPd Multiple Directory Traversal in SFTP
Xlight FTPd Multiple Directory Traversal in SFTP


Accensus Security Group Vulnerability Advisory [L-03]=0D
Date: 7/5/2010=0D
=0D
Vendor: http://www.xlightftpd.com/=0D 
=0D
Effected Software: Xlight FTP Server 3.5.5=0D
=0D
Description of Vulnerability:=0D
The SFTP server contains several directory traversal vulnerabilities: get, ls, rm, rename, etc. For example get ../../../../boot.ini will grab c:\boot.ini=0D
=0D
Severity: Medium=0D
=0D
Local / Remote:  Local=0D
=0D
Timeline:=0D
Vendor informed 7/2, fix released 7/4=0D
=0D
www.accensussecurity.com

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH