Directory Traversal Vulnerability in gftp for GTK+ by Mandriva
CVE-2005-0372

Currently unrated

Key Information:

Vendor: Gnome
Status: Gtk
Vendor: CVE Published:; 2 May 2005

What is CVE-2005-0372?

A directory traversal vulnerability exists in gftp versions prior to 2.0.18 that allows remote malicious FTP servers to exploit the system. By using specially crafted filenames with .. (dot dot) sequences in the LIST command response, an attacker can read arbitrary files from the server. This could lead to exposure of sensitive information, compromising the integrity and security of affected systems.

References

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRAKE

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio...

vendor-advisoryx_refsource_CONECTIVA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Feb 13, 2005

Gnome

What is CVE-2005-0372?

References

Timeline