Bugtraq mailing list archives

Re: Problems with various windows FTP servers

From: ByteRage <byterage () yahoo com>
Date: Tue, 28 May 2002 00:32:03 -0700 (PDT)


--- SnakeByte / Eric Sesterhenn <snakebyte () gmx de>
<snip>

Texas Imperial Software WFTPD
 CWD ...
 CWD ....
 directory traversal possible

<snip>

I have already posted this bug to bugtraq on May 24,
2001
(cfr. http://online.securityfocus.com/bid/2779/)

The bug has been fixed in version 3.10 release 1
(cfr. http://online.securityfocus.com/bid/2779/info/)

I have verified this with WFTPD 32-bit (X86) version
3.10 release 1 9/27/2001, and this version is patched
against this bug (both CWD ... & CWD ....), since the
server returns :

501 User is not allowed to change to ... - returning
to /.

or

501 User is not allowed to change to .... - returning
to /.

(/ is the homedirectory of the user, not the
rootdirectory)

cheers,

[ByteRage]

__________________________________________________
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com

Current thread:

Problems with various windows FTP servers SnakeByte / Eric Sesterhenn (May 27)
- Re: Problems with various windows FTP servers ByteRage (May 28)
- Re: Problems with various windows FTP servers Stephen Cope (May 28)
- Re: Problems with various windows FTP servers Alun Jones (May 31)