CVE Vulnerabilities

CVE-2001-0582

Published: Aug 22, 2001 | Modified: Dec 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a .. (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5) RETR.

Affected Software

Name Vendor Start Version End Version
Crushftp_ftp_server Ben_spink 2.1.4 2.1.4
Crushftp_ftp_server Ben_spink * 2.1.6

References