Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0483

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0483
Last Modified 05 Sep 2008 04:46:25
Published 30 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0483

Summary

Multiple directory traversal vulnerabilities in sitenfo.sh, sitezipchk.sh, and siteziplist.sh in Glftpd 1.26 to 2.00 allow remote authenticated users to (1) determine the existence of arbitrary files, (2) list files in restricted directories, or (3) read arbitrary files from within ZIP or gzip files, via .. (dot dot) sequences and globbing ("*") characters in a SITE NFO command.

Vulnerable Systems

Application

  • Glftpd 1.26

  • Glftpd 1.27

  • Glftpd 1.28

  • Glftpd 1.29.1

  • Glftpd 1.31

  • Glftpd 1.32

  • Glftpd 2.0

  • Glftpd 2.0 Rc1

  • Glftpd 2.0 Rc2

  • Glftpd 2.0 Rc3

  • Glftpd 2.0 Rc4

  • Glftpd 2.0 Rc5

  • Glftpd 2.0 Rc6

  • Glftpd 2.0 Rc7


References

XF - glftpd-sitenfosh-directory-traversal(19401)

BID - 12586

BUGTRAQ - 20050218 Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins


Last Updated: 27 May 2016 10:39:49