Code: p33

Severity: Warning


Description: Certain versions of the FTP daemon allow access to files on a machine through a sequence of commands culminating with CWD ~root. This vulnerability allows attackers who can access FTP on the target host to transfer files to which they would not normally have access.

Impact: This attack bypasses the authentication on an FTP server and allows an attacker to read or write with root permissions, any file on that system.

Corrective: Check to see whether the victim station is vulnerable to this attack. If so, then you should consider the machine compromised and take appropriate action.