Re: Problems with various windows FTP servers

From: ByteRage (byterageat_private)
Date: Tue May 28 2002 - 00:32:03 PDT

Next message: Stephen Cope: "Re: Problems with various windows FTP servers"

Previous message: Larry Jones: "Re: [DER ADV#8] - Local off by one in CVSD"
Next in thread: Stephen Cope: "Re: Problems with various windows FTP servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- SnakeByte / Eric Sesterhenn <snakebyteat_private>
<snip>
> Texas Imperial Software WFTPD
>  CWD ...
>  CWD ....
>  directory traversal possible
<snip>

I have already posted this bug to bugtraq on May 24,
2001
(cfr. http://online.securityfocus.com/bid/2779/)

The bug has been fixed in version 3.10 release 1
(cfr. http://online.securityfocus.com/bid/2779/info/)

I have verified this with WFTPD 32-bit (X86) version
3.10 release 1 9/27/2001, and this version is patched
against this bug (both CWD ... & CWD ....), since the
server returns :

501 User is not allowed to change to ... - returning
to /.

or

501 User is not allowed to change to .... - returning
to /.

(/ is the homedirectory of the user, not the
rootdirectory)

cheers,

[ByteRage]

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Next message: Stephen Cope: "Re: Problems with various windows FTP servers"
Previous message: Larry Jones: "Re: [DER ADV#8] - Local off by one in CVSD"
Next in thread: Stephen Cope: "Re: Problems with various windows FTP servers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 28 2002 - 08:16:14 PDT