Signature Detail

FTP: Multiple FTP Server PUT Command Directory Traversal

This signature detects directory traversal attempts to upload a file to a malicious server. The server can embed a directory traversal attack in the filename to specify the exact file download location on the client machine.

Extended Description

An attacker could take control of a SunFTP server by putting malicious programs, such as Trojan horses, on the system using a "dot dot" vulnerability.

References

• CVE: CVE-2001-0283
• URL: http://archives.neohapsis.com/archives/bugtraq/2001-02/0523.html