CVE-2001-0263 in G6 FTP Server
Summary
by MITRE
Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to read file attributes outside of the web root via the (1) SIZE and (2) MDTM commands when the "show relative paths" option is not enabled.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 03/10/2025
The vulnerability identified as CVE-2001-0263 affects the Gene6 G6 FTP Server version 2.0, also known as BPFTP Server 2.10, presenting a significant information disclosure risk through improper path handling in specific FTP commands. This flaw enables unauthorized access to file system attributes beyond the designated web root directory, creating a potential pathway for attackers to enumerate sensitive system information and potentially uncover critical infrastructure details.
The technical implementation of this vulnerability stems from inadequate input validation and path traversal handling within the SIZE and MDTM FTP commands. When the "show relative paths" option is disabled, the server fails to properly restrict file access to the designated web root directory, allowing attackers to craft malicious requests that traverse the file system hierarchy. The SIZE command typically retrieves file size information while MDTM retrieves modification time data, but both commands in this vulnerable implementation lack proper boundary checking mechanisms that would normally prevent access to files outside the intended directory structure.
This vulnerability directly maps to CWE-22, which describes improper limitation of a pathname to a restricted directory, commonly known as path traversal or directory traversal attacks. The flaw represents a classic example of insufficient input sanitization where the server processes user-supplied paths without adequate validation against the configured root directory boundaries. Attackers can exploit this by constructing specific command sequences that bypass normal access controls and retrieve metadata from arbitrary locations within the file system.
The operational impact of this vulnerability extends beyond simple information disclosure, as it provides attackers with valuable reconnaissance data about the underlying system architecture. By accessing file attributes outside the web root, threat actors can identify system layout, discover potentially sensitive files, and map directory structures that might contain additional vulnerabilities. This information can serve as a foundation for more sophisticated attacks including privilege escalation attempts or targeted exploitation of other system components that may be accessible through the discovered paths.
Organizations running vulnerable FTP servers should immediately implement multiple layers of mitigation strategies to address this exposure. The primary recommendation involves enabling the "show relative paths" option when available, as this configuration change can effectively prevent the traversal behavior. Additionally, administrators should enforce strict access controls through firewall rules that limit FTP service exposure to trusted networks only, implement proper network segmentation, and consider migrating to more modern secure file transfer protocols such as SFTP or FTPS that provide better authentication and encryption mechanisms. Regular vulnerability scanning and security audits should be conducted to identify and remediate similar path traversal vulnerabilities across all file transfer services within the infrastructure. The ATT&CK framework categorizes this type of vulnerability under T1083 - File and Directory Discovery, highlighting the reconnaissance nature of the attack vector and its potential for enabling subsequent attack phases through information gathering activities.