Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| G6_ftp_server | Gene6 | 2.0 (including) | 2.0 (including) |
| G6_ftp_server | Gene6 | 3.0 (including) | 3.0 (including) |
| G6_ftp_server | Gene6 | 3.0.1 (including) | 3.0.1 (including) |
| G6_ftp_server | Gene6 | 3.0.2 (including) | 3.0.2 (including) |
| G6_ftp_server | Gene6 | 3.1 (including) | 3.1 (including) |
| G6_ftp_server | Gene6 | 3.2 (including) | 3.2 (including) |
| G6_ftp_server | Gene6 | 3.3 (including) | 3.3 (including) |
| G6_ftp_server | Gene6 | 3.3.1 (including) | 3.3.1 (including) |
| G6_ftp_server | Gene6 | 3.4 (including) | 3.4 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111022496826680\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=111026585431080\u0026w=2
- http://secunia.com/advisories/14436
- http://secway.org/Advisory/ad20050303.txt
- http://www.securityfocus.com/bid/12739
- http://marc.info/?l=bugtraq\u0026m=111022496826680\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=111026585431080\u0026w=2
- http://secunia.com/advisories/14436
- http://secway.org/Advisory/ad20050303.txt
- http://www.securityfocus.com/bid/12739