eftp_root_disclosure.nasl

漏洞扫描源码,可以扫描linux,windows,交换机路由器

# This script was written by Michel Arboi <arboi@alussinan.org>
#
# Script audit and contributions from Carmichael Security <http://www.carmichaelsecurity.com>
#      Erik Anderson <eanders@carmichaelsecurity.com>
#      Added BugtraqID and CAN
#
# GPL
#
# References:
# Date:  Wed, 12 Sep 2001 04:36:22 -0700 (PDT)
# From: "ByteRage" <byterage@yahoo.com>
# Subject: EFTP Version 2.0.7.337 vulnerabilities
# To: bugtraq@securityfocus.com
# 

if(description)
{
  script_id(11093);
  script_bugtraq_id(3331, 3333);
  script_version("$Revision: 118 $");
  script_cve_id("CVE-2001-1109");
 name["english"] = "EFTP installation directory disclosure ";
 name["francais"] = "EFTP r関鑜e le r閜ertoire d'installation";
 
 script_name(english:name["english"], francais:name["francais"]);
 
 desc["english"] = "
The remote FTP server can be used to determine the
installation directory by sending a request on an
unexisting file.

An attacker may use this flaw to gain more knowledge about
this host, such as its filesystem layout. 

Solution : update your FTP server
Risk factor : Low";
 


 desc["francais"] = "
Le serveur FTP distant peut r関閘er son r閜ertoire 
d'installation en r閜ondant