Message-ID: <20020528073203.87570.qmail@web13001.mail.yahoo.com>
Date: Tue, 28 May 2002 00:32:03 -0700 (PDT)
From: ByteRage <byterage@yahoo.com>
To: bugtraq@securityfocus.com
In-Reply-To: <006f01c205ad$d65e98c0$3400a8c0@lan>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

--- SnakeByte / Eric Sesterhenn <snakebyte@gmx.de>
<snip>
> Texas Imperial Software WFTPD
> CWD ...
> CWD ....
> directory traversal possible
<snip>

I have already posted this bug to bugtraq on May 24, 2001
(cfr. http://online.securityfocus.com/bid/2779/)

The bug has been fixed in version 3.10 release 1
(cfr. http://online.securityfocus.com/bid/2779/info/)

I have verified this with WFTPD 32-bit (X86) version 3.10 release 1 9/27/2001, and this version is patched against this bug (both CWD ... & CWD ....), since the server returns:

501 User is not allowed to change to ... - returning to /.
or
501 User is not allowed to change to .... - returning to /.

(/ is the home directory of the user, not the root directory)

cheers,

[ByteRage]