Signature Detail

Short Name	FTP:FILE:PUT-AUTOEXECBAT
Severity	Medium
Recommended	No
Category	FTP
Keywords	sans top20 sunftp ftp windows win32 directory traversal
Release Date	2003/04/23
Update Number	1213
Supported Platforms	di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+

FTP: SunFTP ../autoexec.bat PUT Command

This signature detects an attempt by an attacker to exploit a directory traversal vulnerability in the SunFTP daemon. Successful exploitation of this vulnerability can allow an attacker to read and write to files outside of the daemon's directory structure. This vulnerability is present in SunFTP build 9.

Extended Description

An attacker could take control of a SunFTP server by putting malicious programs, such as Trojan horses, on the system using a "dot dot" vulnerability.

References

CVE: CVE-2001-0283
URL: http://archives.neohapsis.com/archives/bugtraq/2001-02/0523.html

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

FTP: SunFTP ../autoexec.bat PUT Command

Extended Description

References