--- SnakeByte / Eric Sesterhenn <snakebyteat_private> <snip> > Texas Imperial Software WFTPD > CWD ... > CWD .... > directory traversal possible <snip> I have already posted this bug to bugtraq on May 24, 2001 (cfr. http://online.securityfocus.com/bid/2779/) The bug has been fixed in version 3.10 release 1 (cfr. http://online.securityfocus.com/bid/2779/info/) I have verified this with WFTPD 32-bit (X86) version 3.10 release 1 9/27/2001, and this version is patched against this bug (both CWD ... & CWD ....), since the server returns : 501 User is not allowed to change to ... - returning to /. or 501 User is not allowed to change to .... - returning to /. (/ is the homedirectory of the user, not the rootdirectory) cheers, [ByteRage] __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com
This archive was generated by hypermail 2b30 : Tue May 28 2002 - 08:16:14 PDT