Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Directory Traversal (Chroot Escape) vulnerability in uftpd
Vulnerability Description
In uftpd before 2.11, it is possible for an unauthenticated user to perform a directory traversal attack using multiple different FTP commands and read and write to arbitrary locations on the filesystem due to the lack of a well-written chroot jail in compose_abspath(). This has been fixed in version 2.11
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
uftpd 路径遍历漏洞
Vulnerability Description
uftpd是一款基于Linux平台的FTP/TFTP文件传输服务器。 uftpd 2.11之前版本中存在路径遍历漏洞。攻击者可借助多个不同的FTP命令利用该漏洞对文件系统上的任意位置进行读写操作。
CVSS Information
N/A
Vulnerability Type
N/A