CVE-2004-2488
Description
Directory traversal in Nexgen FTP Server before 2.2.3.23 allows authenticated remote users to read/list arbitrary files via 'C:' sequences in FTP commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Nexgen FTP Server versions before 2.2.3.23 fail to confine client-supplied path arguments to the configured FTP root. On Windows a path that begins with a drive letter ("C:") is resolved against the drive rather than against the FTP root, so a server that screens for "../"-style sequences and then joins the argument to its root (the usual cause of this bug class; the references do not describe the server's internal check) lets a drive-qualified argument escape the root. The CVE description covers reading and listing, which corresponds to the path argument of the RETR and LIST/NLST commands; an authenticated remote user can use it to read or list files outside the intended FTP root.
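The following is an added example, not Nexgen's code or anything from the references: it contrasts the flawed resolution pattern assumed above (reject ".." and then join) with a hardened resolver that refuses drive-qualified and rooted arguments and verifies containment after normalisation. The FTP root and the client paths are constructed for the example; ntpath is used so that Windows path rules apply on any host.

```python
import ntpath

# Constructed FTP root for the example; the real server's root is not documented.
FTP_ROOT = r"C:\ftproot"


def resolve_vulnerable(root, client_path):
    """Flawed pattern (assumed, not Nexgen's actual code): reject '..' and
    then join the client path to the root.  ntpath.join treats a
    drive-qualified or rooted right operand as absolute and discards the
    root, so 'C:\\boot.ini' resolves outside the FTP tree."""
    if ".." in client_path:
        raise PermissionError("traversal rejected")
    return ntpath.normpath(ntpath.join(root, client_path))


def resolve_hardened(root, client_path):
    """Safe resolution: refuse drive letters, UNC and rooted paths up front,
    normalise, then require the result to lie under the root."""
    drive, tail = ntpath.splitdrive(client_path)
    if drive or tail.startswith(("\\", "/")):
        raise PermissionError("absolute or drive-qualified path rejected")
    root_n = ntpath.normpath(root)
    full = ntpath.normpath(ntpath.join(root_n, tail))
    # Containment: equal to the root, or the root followed by a separator.
    # Compared case-insensitively because NTFS paths are.
    if full.lower() != root_n.lower() and not full.lower().startswith(root_n.lower() + "\\"):
        raise PermissionError("path escapes FTP root")
    return full


def outcome(fn, client_path):
    """Run one resolver and report either the resolved path or 'REJECTED'."""
    try:
        return fn(FTP_ROOT, client_path)
    except PermissionError:
        return "REJECTED"


if __name__ == "__main__":
    # Constructed client inputs: a normal file, the 'C:' escape in two
    # spellings, a different drive, and a classic dot-dot attempt.
    for p in [r"pub\readme.txt", r"C:\boot.ini", "C:/boot.ini",
              "D:secret.txt", r"..\boot.ini"]:
        print(f"{p:18} vulnerable -> {outcome(resolve_vulnerable, p):28} "
              f"hardened -> {outcome(resolve_hardened, p)}")
```

Note that a same-drive, drive-relative form such as `C:boot.ini` stays inside the root under ntpath's join rules, while `C:\boot.ini`, `C:/boot.ini` and any other drive escape; the hardened resolver does not depend on that distinction and rejects every drive-qualified argument.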
Exploitation
An attacker needs valid credentials to log in to the FTP server. After authentication, the attacker issues a path-taking FTP command whose argument begins with a drive letter, for example RETR C:../boot.ini (illustrative; the references do not record the exact syntax the server accepted), to retrieve boot.ini from the root of the C: drive. No privilege beyond an FTP login is required, and the request is a single ordinary-looking FTP command.
Impact
A successful exploit lets an authenticated remote attacker read or list arbitrary files that the FTP server process can reach, which may include configuration files, password hashes, or other data stored on the same host. The description covers reading and listing only; it does not state that files can be written or executed.
Mitigation
Upgrade to Nexgen FTP Server 2.2.3.23 or later, which fixes the traversal. Where upgrading is not possible, limit FTP accounts to trusted users and alert on path arguments that begin with a drive letter or contain a ".." component; running the server under a low-privilege account so that an escaped path still meets NTFS permissions is a general hardening measure, not one the references mention. No other workarounds are mentioned in the available references.
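As an added example of the monitoring suggested above (not from the references or from Nexgen), the scanner below runs over a constructed FTP command log and flags path arguments that carry a drive-letter prefix, a Windows-rooted or UNC path, or a ".." component. The log layout "<client-ip> <COMMAND> <argument>" is an assumption; adapt the split to the real server's log format. Forward-slash-rooted paths such as "/pub" are deliberately not flagged, because they address the FTP virtual root and are normal traffic.

```python
import re

# RFC 959 / RFC 3659 commands whose single argument is a filesystem path.
PATH_COMMANDS = {"RETR", "STOR", "APPE", "LIST", "NLST", "CWD", "DELE",
                 "RNFR", "RNTO", "MKD", "RMD", "SIZE", "MDTM"}

DRIVE_PREFIX = re.compile(r"^[A-Za-z]:")             # the 'C:' sequence
ROOTED = re.compile(r"^\\")                           # Windows-rooted or UNC path
DOT_DOT = re.compile(r"(?:^|[\\/])\.\.(?:[\\/]|$)")   # a '..' path component


def path_escape_reason(arg):
    """Return why a path argument looks like a root escape, or None."""
    if DRIVE_PREFIX.match(arg):
        return "drive-letter prefix"
    if ROOTED.match(arg):
        return "rooted path"
    if DOT_DOT.search(arg):
        return "dot-dot component"
    return None


def flag_ftp_log(lines):
    """Scan logged FTP commands, assumed to be in the constructed layout
    '<client-ip> <COMMAND> [<argument>]', and return one
    (client, command, argument, reason) tuple per suspicious line."""
    hits = []
    for line in lines:
        parts = line.strip().split(None, 2)
        if len(parts) < 3:
            continue                    # USER, PWD, QUIT etc. carry no path
        client, cmd, arg = parts
        cmd = cmd.upper()
        if cmd not in PATH_COMMANDS:
            continue
        reason = path_escape_reason(arg)
        if reason:
            hits.append((client, cmd, arg, reason))
    return hits


# Constructed sample log; the 'C:' lines mirror the pattern in the CVE text.
SAMPLE_LOG = [
    "198.51.100.7 USER alice",
    "198.51.100.7 PASS ********",
    "198.51.100.7 CWD pub",
    "198.51.100.7 RETR readme.txt",
    "198.51.100.7 NLST C:",
    "198.51.100.7 RETR C:../boot.ini",
    "198.51.100.7 RETR C:\\winnt\\repair\\sam",
    "203.0.113.5 LIST /",
    "203.0.113.5 RETR ../../boot.ini",
    "203.0.113.5 STOR upload.bin",
]

if __name__ == "__main__":
    for client, cmd, arg, reason in flag_ftp_log(SAMPLE_LOG):
        print(f"{client:14} {cmd:5} {arg!r:32} {reason}")
```

A drive-letter prefix has no legitimate meaning inside an FTP namespace, so that rule alone produces very few false positives; the ".." rule is broader and is best reviewed per client rather than alerted on blindly.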
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: <2.2.3.23
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- www.securityfocus.com/bid/9970 (nvd; Patch)
- www.osvdb.org/4557 (nvd; Exploit)
- www.securitytracker.com/alerts/2004/Mar/1009545.html (nvd; Exploit)
- secunia.com/advisories/11216 (nvd; Vendor Advisory)
- www.nexgenserver.com/cgi-bin/loadframe2.cgi (nvd; URL Repurposed)
- exchange.xforce.ibmcloud.com/vulnerabilities/15594 (nvd)
News mentions
No linked articles in our index yet.