CVE-2001-0582 Information

Description

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a ‘..’ (dot dot) attack or variations in (1) GET (2) CD (3) NLST (4) SIZE (5) RETR.

Reference

http://archives.neohapsis.com/archives/bugtraq/2001-05/0036.html http://www.kb.cert.org/vuls/id/110803 https://exchange.xforce.ibmcloud.com/vulnerabilities/6495