Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: Re: Serv-U FTP-Server v2.4a showing real path

Re: Serv-U FTP-Server v2.4a showing real path

From: Signal 11 <signal11_at_MEDIAONE.NET>
Date: Tue, 29 Feb 2000 22:36:48 -0600

> Actually this is not a bug, but a nasty thing
> if you request a wrong dir from Serv-U FTP-Server v2.4a, it will
> return the full physical path of the disk.

Yes, but Apache does the same thing with various error conditions
too (atleast 1.3.6 does) unless you chroot it. It's not a serious
security bug.. not without an exploit to team up with it.

~ Signal 11
Received on Mar 01 2000

This message: [ Message body ]
Next message: Marc: "Re: EZ Shopper 3.0 shopping cart CGI remote command execution"
Previous message: FreeBSD Security Officer: "FreeBSD Security Advisory: FreeBSD-SA-00:06.htdig"
Next in thread: Ben Greenbaum: "Re: Serv-U FTP-Server v2.4a showing real path"
Maybe reply: Ben Greenbaum: "Re: Serv-U FTP-Server v2.4a showing real path"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]