Jigunet Corporation TwinFTP Server 1.0.3 R2 Directory Traversal 1.2
 
Plugin ID: 234
Plugin name: Jigunet Corporation TwinFTP Server 1.0.3 R2 Directory Traversal
Plugin filename: Jigunet Corporation TwinFTP Server 1.0.3 R2 Directory Traversal.plugin
Plugin filesize: 3143 bytes
Plugin family: FTP
Plugin created name: Nico 'Triplex' Spicher
Plugin created email: Triplex at IT-Helpnet dot de
Plugin created web: http://triplex.it-helpnet.de/
Plugin created company: http://www.it-helpnet.de/
Plugin created date: 2004/09/13
Plugin updated name: Marc Ruef
Plugin updated email: marc dot ruef at computec dot ch
Plugin updated web: http://www.computec.ch
Plugin updated company: computec.ch
Plugin updated date: 2004/11/13
Plugin version: 1.2
Plugin changelog: Made some corrections and enhancements in version 1.1. Corrected the plugin structure and added the accuracy values in 1.2
Plugin protocol: tcp
Plugin port: 21
Plugin procedure detection: open|sleep|close|pattern_exists 220 TwinFTP Server Standard 1.0.3 R2 (win32)
Plugin detection accuracy: 80
Plugin comment: This plugin was written with the ATK-Plugin-Creator [http://triplex.it-helpnet.de].
Bug published name: Tan Chew Keong
Bug published email: chewkeong@security.org.sg
Bug published web: http://www.security.org.sg/
Bug published company: SIG^2 Vulnerability Research Advisory
Bug published date: 2004/09/12
Bug advisory: http://www.security.org.sg/vuln/twinftp103r2.html
Bug affected: Jigunet Corporation TwinFTP Server 1.0.3 R2
Bug not affected: Jigunet Corporation TwinFTP Server 1.0.3 R3 and newer or other ftp servers
Bug vulnerability class: Directory Traversal
Bug description: Tan Chew Keong has reported a vulnerability in Twin FTP Server that malicious users can exploit to access files in arbitrary locations on a vulnerable system. The vulnerability is caused by an input validation error in the processing of arguments passed via the CWD, STOR and RETR FTP commands.
Bug solution: Upgrade to Version 1.0.3 R3, which was released on 10 Sep 2004
Bug fixing time: Approx. 10 minutes
Bug exploit availability: Maybe
Bug remote: Yes
Bug local: Yes
Bug severity: High
Bug popularity: 3
Bug simplicity: 7
Bug impact: 9
Bug risk: 3
Source Secunia ID: 12511
Source Literature: Hacking Intern - Angriffe, Strategien, Abwehr, Marc Ruef, Marko Rogge, Uwe Velten and Wolfram Gieseke, November 1, 2002, Data Becker, Düsseldorf, ISBN 381582284X
Source Misc.: http://www.computec.ch

This file was generated by the Attack Tool Kit (ATK), the open-sourced security scanner and exploiting framework.