Bugtraq: Re: Serv-U FTP-Server v2.4a showing real path

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: Serv-U FTP-Server v2.4a showing real path

From: signal11 () MEDIAONE NET (Signal 11)
Date: Tue, 29 Feb 2000 22:36:48 -0600

Actually this is not a bug, but a nasty thing
if you request a wrong dir from Serv-U FTP-Server v2.4a, it will
return the full physical path of the disk.


Yes, but Apache does the same thing with various error conditions
too (atleast 1.3.6 does) unless you chroot it.  It's not a serious
security bug.. not without an exploit to team up with it.

~ Signal 11

By Date By Thread

Current thread:

Re: Serv-U FTP-Server v2.4a showing real path Ben Greenbaum (Feb 29)
- <Possible follow-ups>
- Re: Serv-U FTP-Server v2.4a showing real path Signal 11 (Feb 29)