Reported December 28, 2001, by Ertan Kurt.
Encrypted File Transfer Protocol 22.214.171.1246 for Windows
A vulnerability exists in Encrypted File Transfer Protocol 126.96.36.1996 that an attacker can use to break out of his or her home directory and see the contents of every drive and directory on the vulnerable host. Issuing the command “CWD …” and then “CWD \” changes the current directory to the root drive. However, the attacker has to following the procedure listed above he or she wants to change the working directory to list another directory’s content.
Discovered by Ertan Kurt.