Vulnerabilities > CVE-2005-0690 - Remote Default Install Code Execution vulnerability in Gene6 FTP Server

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

gene6

NVD

Published: 2005-03-07

Updated: 2016-10-18

Summary

Gene6 FTP Server does not properly restrict access to the control console, which allows local users to modify the server configuration and gain privileges, as demonstrated by defining a SITE command.

Vulnerable Configurations

Part	Description	Count
Application	Gene6 Gene6 G6 FTP Server 2.0 Gene6 G6 FTP Server 3.0 Gene6 G6 FTP Server 3.0.1 Gene6 G6 FTP Server 3.0.2 Gene6 G6 FTP Server 3.1 Gene6 G6 FTP Server 3.2 Gene6 G6 FTP Server 3.3 Gene6 G6 FTP Server 3.3.1 Gene6 G6 FTP Server 3.4	9

References

http://marc.info/?l=bugtraq&m=111022496826680&w=2
http://marc.info/?l=bugtraq&m=111026585431080&w=2
http://secunia.com/advisories/14436
http://secway.org/Advisory/ad20050303.txt
http://www.securityfocus.com/bid/12739