Sign-up

ID

VAR-201003-0519


TITLE

CompleteFTP Server Directory Traversal Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-0495

DESCRIPTION

CompleteFTP is an FTP service program. The CompleteFTP server does not properly handle user requests, and remote attackers can exploit vulnerabilities for denial of service and directory traversal attacks. - The FTP service has an input validation error. The directory traversal attack downloads or replaces any file other than the FTP ROOT directory. - There is an error in handling a large number of authentication requests, and an attacker can consume a large amount of memory in the system and cause the service to be unavailable. CompleteFTP is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. This may aid in further attacks. CompleteFTP 3.3.0 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Secunia CSI + Microsoft SCCM ----------------------- = Extensive Patch Management http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ ---------------------------------------------------------------------- TITLE: CompleteFTP Server Directory Traversal Vulnerability SECUNIA ADVISORY ID: SA39191 VERIFY ADVISORY: http://secunia.com/advisories/39191/ DESCRIPTION: A vulnerability has been discovered in CompleteFTP Server, which can be exploited by malicious users to bypass certain security restrictions and compromise a vulnerable system. The vulnerability is confirmed in version 3.3.0. SOLUTION: Restrict FTP access to trusted users only. PROVIDED AND/OR DISCOVERED BY: zombiefx ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.44

sources: CNVD: CNVD-2010-0495 // CNVD: CNVD-2010-0739 // BID: 39802 // PACKETSTORM: 87843

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2010-0495 // CNVD: CNVD-2010-0739

AFFECTED PRODUCTS

vendor:nomodel: - scope: - version: -

Trust: 1.2

vendor:distributedmodel:completeftpscope:eqversion:3.3

Trust: 0.3

sources: CNVD: CNVD-2010-0495 // CNVD: CNVD-2010-0739 // BID: 39802

THREAT TYPE

network

Trust: 0.3

sources: BID: 39802

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 39802

PATCH

title:CompleteFTP directory traversal and denial of service patchesurl:https://www.cnvd.org.cn/patchinfo/show/351

Trust: 0.6

sources: CNVD: CNVD-2010-0739

EXTERNAL IDS

db:SECUNIAid:39191

Trust: 1.3

db:BIDid:39802

Trust: 0.9

db:CNVDid:CNVD-2010-0495

Trust: 0.6

db:CNVDid:CNVD-2010-0739

Trust: 0.6

db:PACKETSTORMid:87843

Trust: 0.1

sources: CNVD: CNVD-2010-0495 // CNVD: CNVD-2010-0739 // BID: 39802 // PACKETSTORM: 87843

REFERENCES

url:http://secunia.com/advisories/39191/

Trust: 0.7

url:http://secunia.com/advisories/39191

Trust: 0.6

url:https://sysdream.com/article.php?story_id=331&session_id=78

Trust: 0.6

url:http://www.enterprisedt.com/products/completeftp/

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-0495 // CNVD: CNVD-2010-0739 // BID: 39802 // PACKETSTORM: 87843

CREDITS

zombiefx

Trust: 0.3

sources: BID: 39802

SOURCES

db:CNVDid:CNVD-2010-0495
db:CNVDid:CNVD-2010-0739
db:BIDid:39802
db:PACKETSTORMid:87843

LAST UPDATE DATE

2022-05-17T01:56:41.603000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-0495date:2010-03-31T00:00:00
db:CNVDid:CNVD-2010-0739date:2010-04-30T00:00:00
db:BIDid:39802date:2010-04-29T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2010-0495date:2010-03-31T00:00:00
db:CNVDid:CNVD-2010-0739date:2010-04-30T00:00:00
db:BIDid:39802date:2010-04-29T00:00:00
db:PACKETSTORMid:87843date:2010-03-31T06:26:48