Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Serv-U FTP-Server v2.4a showing real path
From: signal11 () MEDIAONE NET (Signal 11)
Date: Tue, 29 Feb 2000 22:36:48 -0600

Actually this is not a bug, but a nasty thing
if you request a wrong dir from Serv-U FTP-Server v2.4a, it will
return the full physical path of the disk.

Yes, but Apache does the same thing with various error conditions
too (atleast 1.3.6 does) unless you chroot it.  It's not a serious
security bug.. not without an exploit to team up with it.

~ Signal 11

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]