Shuttle FTP Suite directory traversal
| shuttle-ftp-directory-traversal (16950) |  Medium Risk |
Description:
Shuttle FTP Suite is a multi-client program that supports multiple Internet protocols running on Microsoft Windows. Shuttle FTP Suite version 3.2 and possibly other versions could allow a remote attacker to traverse directories on the Web server, caused by improper validation of arguments sent to specific commands. A remote attacker could issue a specially-crafted command followed by "dot dot " sequences (../) or an absolute path to traverse directories and read or write files outside the FTP root directory.
Platforms Affected:
- Xavier Cirac, Shuttle FTP Suite 3.2
Remedy:
No remedy available as of July 4, 2009.
Consequences:
Obtain Information
References:
- Shuttle FTP Suite Web page, Shuttle FTP at http://www.waveflow.com/shuttleftp/.
- BID-10916: Shuttle FTP Suite TFTP Server Directory Traversal Vulnerability
- SA12270: Shuttle FTP Suite Directory Traversal Vulnerability
Reported:
Aug 11, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net