{"vuid":"VU#110803","idnumber":"110803","name":"CrushFTP Server does not adequately filter user input thereby permitting directory traversal","keywords":["CrushFTP Server","directory traversal","../","user input"],"overview":"CrushFTP allows access to files outside the FTP root directory through directory traversal.","clean_desc":"CrushFTP is a Java-based FTP server available for Linux, Mac OS, and Windows. CrushFTP can be configured to limit access to files under a designated FTP root directory. However, CrushFTP allows an attacker to get files outside this directory through '../' directory traversal.","impact":"CrushFTP allows an attacker to see any file in the filesystem, including potentially sensitive and critical system files.","resolution":"Upgrade to version 2.1.7 or later of CrushFTP at: http://www.crushftp.com","workarounds":"Use chroot if available on your system, to limit the scope of CrushFTP's access to the filesystem.","sysaffected":"","thanks":"Thanks to Joe Testa for discovering this vulnerability.","author":"This document was written by Shawn Van Ittersum.","public":["http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0583","http://xforce.iss.net/static/6495.php","http://xforce.iss.net/alerts/vol-6_num-7.php"],"cveids":["CVE-2001-0582"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2001-08-29T21:43:42Z","publicdate":"2001-05-23T13:24:54Z","datefirstpublished":"2001-12-20T16:49:55Z","dateupdated":"2001-12-20T16:50:04Z","revision":14,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"9","cam_population":"4","cam_impact":"4","cam_easeofexploitation":"15","cam_attackeraccessrequired":"1","cam_scorecurrent":"0.108","cam_scorecurrentwidelyknown":"0.1305","cam_scorecurrentwidelyknownexploited":"0.2205","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.108,"vulnote":null}