CVE-2005-0372 in GTK+
Summary
by MITRE
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command.
Analysis
by VulDB Data Team • 07/05/2025
The vulnerability identified as CVE-2005-0372 represents a critical directory traversal flaw in the gftp client software version 2.0.17 and earlier. This vulnerability specifically affects the GTK+ implementation of gftp, which is a graphical file transfer client commonly used for managing file transfers over FTP protocols. The flaw stems from inadequate input validation within the client's handling of filenames returned by FTP servers during directory listing operations. When a malicious FTP server responds to a LIST command with filenames containing .. (dot dot) sequences, the gftp client fails to properly sanitize these paths, allowing unauthorized access to files outside the intended directory structure.
The technical exploitation of this vulnerability occurs through the manipulation of FTP server responses during directory listing operations. When gftp processes the output of an FTP LIST command, it does not adequately validate or sanitize filenames that may contain directory traversal sequences such as ../ or ..\. When these malicious filenames are processed, the client's path resolution mechanism interprets the .. sequences as instructions to navigate up the directory hierarchy, potentially allowing access to files in parent directories that should remain protected. This represents a classic path traversal vulnerability that violates the principle of least privilege and can result in unauthorized data access.
The operational impact of this vulnerability extends beyond simple file access, as it can potentially expose sensitive system information, configuration files, and user data to unauthorized parties. Attackers can leverage this vulnerability to read files that may contain passwords, authentication tokens, system configurations, or other sensitive information that should not be accessible through normal file transfer operations. The vulnerability is particularly concerning because it operates at the client level, meaning that users may unknowingly connect to malicious FTP servers that exploit this flaw to gain access to their local file systems. This makes the attack vector particularly insidious as it can occur without the user's knowledge or explicit consent.
Mitigation strategies for this vulnerability primarily involve updating to gftp version 2.0.18 or later, which includes proper input validation and sanitization of filenames returned from FTP servers. System administrators should also implement network-level controls such as firewall rules that restrict access to potentially malicious FTP servers, particularly those that are not properly authenticated or are known to be compromised. The vulnerability aligns with CWE-22, which describes improper limitation of a pathname to a restricted directory, and can be mapped to ATT&CK technique T1071.004 for application layer protocol: file transfer protocol. Organizations should also consider implementing network monitoring to detect unusual FTP traffic patterns that might indicate exploitation attempts, and establish secure coding practices that emphasize input validation and proper path handling in all file system operations to prevent similar vulnerabilities from occurring in other applications.