[14113] in bugtraq


Re: Serv-U FTP-Server v2.4a showing real path

daemon@ATHENA.MIT.EDU (Signal 11)
Wed Mar 1 18:18:45 2000

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <NDBBJCDMALHMJICDFDJEMECCCAAA.signal11@mediaone.net>
Date:         Tue, 29 Feb 2000 22:36:48 -0600
Reply-To: Signal 11 <signal11@MEDIAONE.NET>
From: Signal 11 <signal11@MEDIAONE.NET>
X-To:         Berk Ulsoy <berk@MUTEK.ORG.TR>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <DHEBIGGNIMPMLLBICFNJEEKPCBAA.berk@mutek.org.tr>

> Actually this is not a bug, but a nasty thing
> if you request a wrong dir from Serv-U FTP-Server v2.4a, it will
> return the full physical path of the disk.

Yes, but Apache does the same thing with various error conditions
too (at least 1.3.6 does) unless you chroot it.  It's not a serious
security bug.. not without an exploit to team up with it.

~ Signal 11
