Shambala FTP server "dot dot" directory traversal
shambala-dotdot-directory-traversal (9224), Medium Risk
Evolvable Corporation Shambala Server could allow a remote attacker to traverse directories on the FTP server. A remote attacker can send an LS or GET command followed by "dot dot" sequences (/../) to traverse directories and download any file on the system.
No remedy available as of August 1, 2014.
- BugTraq Mailing List, Thu May 30 2002 - 17:21:30 CDT: [[ TH 026 Inc. ]] SA #3 - Shambala Server 4.5, Directory Traversal and DoS.
- BID-4896: Evolvable Shambala Server FTP Server Directory Traversal Vulnerability
- CVE-2002-0877: Directory traversal vulnerability in the FTP server for Shambala 4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) LIST (ls) or (2) GET commands.
- OSVDB ID: 9059: Shambala FTP Server Multiple Command Arbitrary File Access
Affected: Evolvable Corporation Shambala Server 4.5
Reported: May 30, 2002
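A server-side check that closes this class of bug, as an added example (not Shambala's code and not part of the advisory): the argument of an LS or GET command is resolved against the FTP root and refused if it climbs above it, first on the virtual path and then on the real filesystem. The names `resolve_ftp_path`, `PathEscape` and `demo`, and the sample arguments, are assumptions made for illustration.

```python
import os
import tempfile

class PathEscape(Exception):
    """Client-supplied path resolves outside the FTP root."""

def resolve_ftp_path(root, cwd, arg):
    """Map a LIST/GET argument to a real path under root, or raise PathEscape.

    root is the real directory served as "/"; cwd is the session's virtual
    working directory (for example "/pub"), maintained by the server.
    """
    arg = arg.replace("\\", "/")          # Windows accepts "\" as a separator
    if "\x00" in arg:
        raise PathEscape("NUL byte in path")
    start = "/" if arg.startswith("/") else cwd
    parts = []
    for comp in (start + "/" + arg).split("/"):
        if comp in ("", "."):
            continue
        if ":" in comp:                   # drive letters, NTFS stream names
            raise PathEscape(arg)
        if comp == "..":
            if not parts:                 # would climb above the virtual root
                raise PathEscape(arg)
            parts.pop()
        else:
            parts.append(comp)
    # Second check on the real filesystem: catches symlinks that leave root.
    real_root = os.path.realpath(root)
    real = os.path.realpath(os.path.join(real_root, *parts))
    if os.path.commonpath([real_root, real]) != real_root:
        raise PathEscape(arg)
    return real

def demo():
    """Run constructed sample arguments; return {argument: accepted?}."""
    root = tempfile.mkdtemp()             # stands in for the FTP root
    results = {}
    for arg in ("readme.txt", "../index.txt", "/../", "../../etc/passwd",
                "..\\..\\boot.ini"):
        try:
            resolve_ftp_path(root, "/pub", arg)
            results[arg] = True
        except PathEscape:
            results[arg] = False
    return results

if __name__ == "__main__":
    for arg, ok in demo().items():
        print(f"{arg!r:24} {'accepted' if ok else 'rejected'}")
```

Refusing the request, rather than silently clamping the path to the root, also gives the server a clear event to log for each traversal attempt.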