Vulnerability found in Broker FTP Server v. 3.0 allowing unauthorized directory listing.
`Date: Tue, 1 Jun 1999 07:24:24 +0200
From: Arne Vidstrom <[email protected]>
To: [email protected]
Subject: Vulnerability in Broker FTP Server v. 3.0 Build 1
Hi,
I've found a vulnerability in Broker FTP Server v. 3.0 Build 1. Here's an
example:
You have it installed with FTP root in c:\FTProot and you have a user
"test" with home directory in c:\FTProot\test. You also have checked the
"Display as ROOT directory" checkbox for test, so he/she can't get below
the home directory. CWD won't take him/her below it, but LIST will:
LIST ..\..\winnt\
will list the contents of c:\winnt and
NLST ..\..\winnt\
will also list the contents of c:\winnt. Of course this isn't as bad as if
CWD or RETR had worked, but you probably don't want anybody to be able to
look around in your private directories... I've contacted Transsoft about
this, and they should have released a new version that fixed this more than
a week ago. I've contacted them again but they haven't given me a reply
this time.
/Arne Vidstrom
`
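The report describes a confinement check that CWD applies but LIST and NLST do not. The sketch below is an added example, not code from the advisory or from Transsoft: it routes every path-taking command through one resolver that normalises the argument with Windows path rules before comparing it to the home directory. The names `resolve_in_home`, `authorize` and `PATH_COMMANDS` are hypothetical; the directories are the ones from the report.

```python
import ntpath  # Windows path semantics; pure string handling, runs on any OS

# Hypothetical set of commands whose argument is a path. The point of the
# example is that all of them share one check instead of only CWD.
PATH_COMMANDS = {"CWD", "LIST", "NLST", "RETR"}

def resolve_in_home(home, cwd, arg):
    """Map a client path argument to a real path inside `home`, or None.

    home: absolute home directory, presented to the client as "/".
    cwd:  current virtual directory, e.g. "/" or "/docs".
    arg:  raw command argument, e.g. r"..\\..\\winnt\\".
    """
    if "\x00" in arg or ":" in arg:          # no NULs, drive letters or streams
        return None
    virtual = arg.replace("/", "\\")
    if not virtual.startswith("\\"):          # relative: prepend virtual cwd
        virtual = cwd.replace("/", "\\").rstrip("\\") + "\\" + virtual
    # Collapse "." and ".." first, then compare against the home directory.
    candidate = ntpath.normpath(ntpath.join(home, virtual.lstrip("\\")))
    base = ntpath.normcase(ntpath.normpath(home))
    probe = ntpath.normcase(candidate)
    # Trailing separator in the prefix test keeps c:\FTProot\test2 out.
    if probe == base or probe.startswith(base + "\\"):
        return candidate
    return None

def authorize(home, cwd, command_line):
    """Return the resolved path for a path command, or None to refuse it."""
    verb, _, arg = command_line.partition(" ")
    if verb.upper() not in PATH_COMMANDS:
        return None
    return resolve_in_home(home, cwd, arg.strip())

if __name__ == "__main__":
    home = r"c:\FTProot\test"                 # home directory from the report
    for line in (r"LIST ..\..\winnt" + "\\", r"NLST ..\..\winnt" + "\\",
                 "LIST", "LIST docs", r"CWD ..\test2"):
        print(f"{line!r:28} -> {authorize(home, '/', line)}")
```
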