Xlight FTPd Multiple Directory Traversal in SFTP

Accensus Security Group Vulnerability Advisory [L-03]
Date: 7/5/2010

Vendor: http://www.xlightftpd.com/

Affected Software: Xlight FTP Server 3.5.5

Description of Vulnerability:
The SFTP server contains several directory traversal vulnerabilities: get, ls, rm, rename, etc. For example, get ../../../../boot.ini will grab c:\boot.ini

Severity: Medium

Local / Remote:  Local

Timeline:
Vendor informed 7/2, fix released 7/4

www.accensussecurity.com 
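
The traversal described above comes down to resolving client-supplied paths without confirming that the result stays under the user's home directory. The following is an added example, not code from Xlight or from the advisory: a containment check applied to every path operand of get, ls, rm and rename. The home directory C:\ftp\alice, the function names and the sample requests are assumptions constructed for illustration, and the check is lexical only (it does not resolve links or junctions).

```python
import ntpath  # Windows path rules, usable on any OS

class TraversalError(ValueError):
    """Client path resolves outside the user's home directory."""

def resolve(home, client_path):
    """Map an SFTP client path to a Windows path under home, or raise."""
    # SFTP sends '/', but a Windows backend also honours backslashes.
    rel = client_path.replace("/", "\\")
    # Drive letters and UNC prefixes can never be inside the virtual root.
    drive, rest = ntpath.splitdrive(rel)
    if drive:
        raise TraversalError(client_path)
    root = ntpath.normpath(home)
    # Leading separators mean "virtual root", so strip them before joining;
    # normpath then collapses every '..' component.
    full = ntpath.normpath(ntpath.join(root, rest.lstrip("\\")))
    # Compare case-insensitively and on a separator boundary so that
    # C:\ftp\alice does not also match C:\ftp\alice2.
    r, f = ntpath.normcase(root), ntpath.normcase(full)
    if f != r and not f.startswith(r.rstrip("\\") + "\\"):
        raise TraversalError(client_path)
    return full

def authorize(home, op, *paths):
    """Resolve every path operand of a request (rename carries two)."""
    return [resolve(home, p) for p in paths]

def is_allowed(home, op, *paths):
    """True if every operand of the request stays under home."""
    try:
        authorize(home, op, *paths)
        return True
    except TraversalError:
        return False

if __name__ == "__main__":
    HOME = r"C:\ftp\alice"  # constructed home directory (assumption)
    requests = [  # constructed sample requests
        ("get", "docs/report.txt"),
        ("get", "../../../../boot.ini"),
        ("rm", "..\\alice2\\notes.txt"),
        ("rename", "old.txt", "../../boot.ini"),
    ]
    for op, *paths in requests:
        print(op, paths, "allowed" if is_allowed(HOME, op, *paths) else "rejected")
```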