Wednesday, April 18, 2012

SnugServer FTP Server Directory Traversal Vulnerability

SnugServer is an Email Server, Web Server, FTP Server, NewsServer and ListServer. It's your all-in-one solution to managing your Internet Presence. Send/receive emails through your own server, host your own website(s) and so much more.

Sow Ching Shiong, an independent vulnerability researcher has identified a Directory Traversal vulnerability in SnugServer FTP Server. This issue was discovered in a default installation of SnugServer FTP Server Other earlier versions may also be affected.

Proof of concept

Update to version or later.


Disclosure Timeline
2010-05-20 - Vulnerability discovered.
2010-05-20 - Vulnerability reported to Secunia.
2010-05-20 - Secunia confirmed the vulnerability and contacted the vendor.
2010-05-21 - Patch released.
2010-05-21 - Advisory published by Secunia.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.