[25633] in bugtraq
Re: Problems with various windows FTP servers
daemon@ATHENA.MIT.EDU (Alun Jones)
Fri May 31 17:43:12 2002
Message-Id: <4.3.2.7.2.20020531154645.00ccd550@208.55.91.110>
Date: Fri, 31 May 2002 15:50:06 -0500
To: "SnakeByte / Eric Sesterhenn" <snakebyte@gmx.de>
From: Alun Jones <alun@texis.com>
Cc: <bugtraq@lists.securityfocus.com>
In-Reply-To: <006f01c205ad$d65e98c0$3400a8c0@lan>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
At 01:39 PM 5/27/2002, SnakeByte / Eric Sesterhenn wrote:
>Texas Imperial Software WFTPD
> CWD ...
> CWD ....
> directory traversal possible
From email received from SnakeByte out of band, it's clear that he's
working on an extremely old version of WFTPD, downloaded from a web site
that we are unfortunately unable to update due to errors in the automated
update procedures at that web site.
The bug he refers to has been reported to Bugtraq before, has been fixed,
and has been reported fixed on Bugtraq before.
The bug, if there is one, is that anything that is freely distributed is
always available in old versions. Always, always, always go to the source
of whatever software you use to at least check that you are running current
software, even if you don't download from that source directly.
Running extremely old software, as SnakeByte has shown, leaves you open to
extremely old bugs.
Alun.
~~~~
--
Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT.
