> a quick note, Winsock FTPD 3.00 pro and 2.41 (maybe prior) are vulnerable Thanks for the note - we released 3.00 R4 last week to fix this vulnerability. [We now refuse to list any parameter list containing "/.."] > PS: Serv-U ftp doesn't seem to be vulnerable No duh - Serv-U doesn't bother to expand wildcards in non-terminal path elements. I spent a good couple of hours putting the code into WFTPD to do that, for one particular customer's requirement. Note - there is no "glob" in Windows (at least, not that works this way), and so we're apparently _not_ vulnerable to the other glob problem reported elsewhere. Alun. ~~~~
This archive was generated by hypermail 2b30 : Mon Apr 23 2001 - 11:09:47 PDT