ID

VAR-201006-0502


TITLE

Bftpd anonymous account bypass ROOTDIR security restriction vulnerability

Trust: 0.6

sources: CNVD: CNVD-2010-3500

DESCRIPTION

Bftpd is a small FTP server. When Bftpd handles anonymous logins, the ROOTDIR option specified in the configuration file may be ignored, allowing users to bypass the restriction and gain read and write access to any file or directory on the system. Bftpd is prone to a security-bypass vulnerability that arises from an access-validation error. Exploiting this issue can allow an attacker to download or upload arbitrary files outside of the FTP server root directory. This may aid in further attacks. The issue affects versions prior to Bftpd 2.9.

Trust: 0.81

sources: CNVD: CNVD-2010-3500 // BID: 40540

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-3500

AFFECTED PRODUCTS

vendor: bftpd, model: bftpd, scope: eq, version: 2.x

Trust: 0.6

vendor: bftpd, model: bftpd, scope: eq, version: 2.2.1

Trust: 0.3

vendor: bftpd, model: bftpd, scope: eq, version: 2.8

Trust: 0.3

vendor: bftpd, model: bftpd, scope: eq, version: 2.4

Trust: 0.3

vendor: bftpd, model: bftpd, scope: ne, version: 2.9

Trust: 0.3

sources: CNVD: CNVD-2010-3500 // BID: 40540

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2010-3500
value: HIGH

Trust: 0.6

CNVD: CNVD-2010-3500
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2010-3500

THREAT TYPE

network

Trust: 0.3

sources: BID: 40540

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 40540

EXTERNAL IDS

db: BID, id: 40540

Trust: 0.9

db: CNVD, id: CNVD-2010-3500

Trust: 0.6

sources: CNVD: CNVD-2010-3500 // BID: 40540

REFERENCES

url: http://www.securityfocus.com/bid/40540/info

Trust: 0.6

url: http://bftpd.sourceforge.net/index.html

Trust: 0.3

url: http://bftpd.sourceforge.net/news.html

Trust: 0.3

sources: CNVD: CNVD-2010-3500 // BID: 40540

CREDITS

Paul Laufer

Trust: 0.3

sources: BID: 40540

SOURCES

db: CNVD, id: CNVD-2010-3500
db: BID, id: 40540

LAST UPDATE DATE

2022-05-17T01:58:05.120000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-3500, date: 2010-06-02T00:00:00
db: BID, id: 40540, date: 2010-06-02T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-3500, date: 2010-06-02T00:00:00
db: BID, id: 40540, date: 2010-06-02T00:00:00