Bugtraq mailing list archives

Re: Serv-U FTP-Server v2.4a showing real path


From: signal11 () MEDIAONE NET (Signal 11)
Date: Tue, 29 Feb 2000 22:36:48 -0600


> Actually this is not a bug, but a nasty thing
> if you request a wrong dir from Serv-U FTP-Server v2.4a, it will
> return the full physical path of the disk.

Yes, but Apache does the same thing with various error conditions
too (at least 1.3.6 does) unless you chroot it.  It's not a serious
security bug.. not without an exploit to team up with it.

~ Signal 11

