Bugtraq mailing list archives
Re: Serv-U FTP-Server v2.4a showing real path
From: signal11 () MEDIAONE NET (Signal 11)
Date: Tue, 29 Feb 2000 22:36:48 -0600
Actually this is not a bug, but a nasty thing if you request a wrong dir from Serv-U FTP-Server v2.4a, it will return the full physical path of the disk.
Yes, but Apache does the same thing with various error conditions too (atleast 1.3.6 does) unless you chroot it. It's not a serious security bug.. not without an exploit to team up with it. ~ Signal 11
Current thread:
- Re: Serv-U FTP-Server v2.4a showing real path Ben Greenbaum (Feb 29)
- <Possible follow-ups>
- Re: Serv-U FTP-Server v2.4a showing real path Signal 11 (Feb 29)