Re: Serv-U FTP-Server v2.4a showing real path

From: Signal 11 (signal11at_private)
Date: Tue Feb 29 2000 - 20:36:48 PST

Next message: Ian Turner: "Re: Disk (over)quota in Windows 2000"

Previous message: Signal 11: "Re: All the recent SQL vulnerabilities"
Maybe in reply to: Berk Ulsoy: "Serv-U FTP-Server v2.4a showing real path"
Next in thread: Ben Greenbaum: "Re: Serv-U FTP-Server v2.4a showing real path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> Actually this is not a bug, but a nasty thing
> if you request a wrong dir from Serv-U FTP-Server v2.4a, it will
> return the full physical path of the disk.

Yes, but Apache does the same thing with various error conditions
too (atleast 1.3.6 does) unless you chroot it.  It's not a serious
security bug.. not without an exploit to team up with it.

~ Signal 11

Next message: Ian Turner: "Re: Disk (over)quota in Windows 2000"
Previous message: Signal 11: "Re: All the recent SQL vulnerabilities"
Maybe in reply to: Berk Ulsoy: "Serv-U FTP-Server v2.4a showing real path"
Next in thread: Ben Greenbaum: "Re: Serv-U FTP-Server v2.4a showing real path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:38:31 PDT