CVE-2005-0372 : Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote m

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.

Published 2005-05-02 04:00:00

Updated 2025-04-03 01:03:51

Source Debian GNU/Linux

View at NVD, CVE.org

Vulnerability category: Directory traversal

Products affected by CVE-2005-0372

Gnome » GTK
Versions before (<) 2.0.18
cpe:2.3:a:gnome:gtk:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2005-0372

EPSS FAQ

4.09%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 88 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2005-0372

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2005-0372

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2005-0372

http://www.debian.org/security/2005/dsa-686

[SECURITY] [DSA 686-1] New gftp packages fix directory traversal vulnerability
Patch;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9923

404 Not Found
Broken Link
http://www.securityfocus.com/advisories/8379

Third Party Advisory;VDB Entry
http://www.securityfocus.com/advisories/8380

Third Party Advisory;VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A717

404 Not Found
Broken Link
http://www.redhat.com/support/errata/RHSA-2005-410.html

Support
Third Party Advisory
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000957

CONECTIVA | Análises dos Melhores Produtos Online (#10 Melhores)
Third Party Advisory
http://www.gentoo.org/security/en/glsa/glsa-200502-27.xml

gFTP: Directory traversal vulnerability (GLSA 200502-27) — Gentoo security
Patch;Third Party Advisory;Vendor Advisory
http://www.securityfocus.com/bid/12539

Patch;Third Party Advisory;VDB Entry
http://www.mandriva.com/security/advisories?name=MDKSA-2005:050

Mandriva
Broken Link

Jump to

Vulnerability Details : CVE-2005-0372

Products affected by CVE-2005-0372

Exploit prediction scoring system (EPSS) score for CVE-2005-0372

CVSS scores for CVE-2005-0372

CWE ids for CVE-2005-0372

References for CVE-2005-0372