FileCOPA FTP Server Traversal Arbitrary File Access
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
FileCopa FTP Server contains a flaw that allows a remote attacker to read and write outside of the application's path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied to the 'STOR' and 'RETR' FTP commands.
Upgrade to version 1.01 released on January 19, 2006 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.