Reported November 27, 2000 by Overdrive
A vulnerability in Winsock FTPd Pro has been identified that allows users to break out of the chroot jail that the software is supposed to enforce for them. This issue can cause users to have access to files and directories that they normally would not have access to. DEMONSTRATION Normally when a user issues the command cd../../ the software will not allow the request. A malicious user, however, could issue cd /../../ and just out of the restricted directory and access other files and directories. VENDOR RESPONSE The vendor, Texas Imperial Software, has released a new version that addresses this bug. CREDIT |
0 comments
Hide comments