Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1386

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2001-1386
Last Modified 10 Sep 2008 03:10:25
Published 01 Jul 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1386

Summary

WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

Vulnerable Systems

Application

  • Texas Imperial Software Wftpd 2.4.1

  • Texas Imperial Software Wftpd 2.4.1 Rc11

  • Texas Imperial Software Wftpd 2.4.1 Rc12

  • Texas Imperial Software Wftpd 2.40

  • Texas Imperial Software Wftpd 2.41 Rc14

  • Texas Imperial Software Wftpd 3.0

  • Texas Imperial Software Wftpd 3.0 0r3

  • Texas Imperial Software Wftpd 3.0 0r4

  • Texas Imperial Software Wftpd 3.0 0r5


References

BID - 2957

XF - ftp-lnk-directory-traversal(6760)

BUGTRAQ - 20010701 WFTPD v3.00 R5 Directory Traversal


Last Updated: 27 May 2016 10:36:39