• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TriDComm Built-in FTP Server Directory Traversal Vulnerability

It is reported that TriDComm is susceptible to a directory traversal vulnerability in its built-in FTP server. The FTP server is not enabled by default.

This vulnerability allows attackers to write, or access files contained outside of the configured document root of the affected FTP server with the privileges of the affected process. This may allow them to overwrite critical files, resulting in denial of service conditions, or assist them in full system compromise. They may also retrieve the contents of potentially sensitive files, aiding them in further attacks.

This vulnerability is reported to exist in versions 1.2 and 1.3 of the package.