".."-hole in Broker FTP Server v.3.0 Build 1.
<HTML>
<HEAD>
<TITLE>".."-hole in Broker FTP Server v.3.0 Build 1</TITLE>
</HEAD>
<BODY BGCOLOR="BLACK" TEXT="#FFDFBF" LINK="#C08010" VLINK="#C08010" ALINK="WHITE">
<FONT FACE="arial" SIZE="3">
<B>- ".."-hole in Broker FTP Server v.3.0 Build 1 -</B>
<BR><BR>
</FONT>
<FONT FACE="arial" SIZE="2">
There's a hole in Broker FTP Server v.3.0 Build 1. Here's an example:
<BR><BR>
You have it installed with FTP root in c:\FTProot and you have a user "test" with home directory in c:\FTProot\test. You have also checked the "Display as ROOT directory" checkbox for test, so he/she can't get outside the home directory. CWD won't take him/her out of it, but LIST will:
<BR><BR>
LIST ..\..\winnt\
<BR><BR>
will list the contents of c:\winnt and
<BR><BR>
NLST ..\..\winnt\
<BR><BR>
will also list the contents of c:\winnt. Of course this isn't as bad as if CWD or RETR had worked, but you probably don't want anybody to be able to look around in your private directories.
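<BR><BR>
The hole comes from confining CWD but not LIST and NLST. As an added example (not code from Broker FTP Server or from this advisory), here is a server-side check that applies one confinement test to every command that takes a path; the function names, the command set and the reply texts are assumptions made for the illustration:

```python
import ntpath  # Windows path rules on any OS, matching the page's c:\ paths

HOME = r"c:\FTProot\test"   # home directory of user "test", from the page
PATH_COMMANDS = {"CWD", "LIST", "NLST", "RETR"}  # assumed set of path verbs


def resolve_confined(home, cwd, arg):
    """Return the normalized absolute path for arg, or None if it leaves home.

    cwd is the session's current directory (absolute, inside home).
    """
    arg = arg.replace("/", "\\")
    if arg.startswith("\\"):
        # Virtual-root absolute path: "\" means the home directory.
        candidate = ntpath.join(home, arg.lstrip("\\"))
    else:
        # A drive letter in arg makes join() discard cwd, so "d:\x" is
        # judged on its real target and rejected below.
        candidate = ntpath.join(cwd, arg)
    # normpath collapses ".." lexically; normcase lowercases, because
    # Windows paths compare case-insensitively.
    candidate = ntpath.normcase(ntpath.normpath(candidate))
    root = ntpath.normcase(ntpath.normpath(home))
    # Compare on a separator boundary so c:\FTProot\test2 is not accepted
    # as being inside c:\FTProot\test.
    if candidate == root or candidate.startswith(root + "\\"):
        return candidate
    return None


def handle(verb, arg, cwd=HOME):
    """Hypothetical dispatcher: the same check runs for every path verb."""
    if verb.upper() in PATH_COMMANDS:
        target = resolve_confined(HOME, cwd, arg)
        if target is None:
            return "550 Permission denied."
        return "150 OK " + target
    return "502 Command not implemented."


if __name__ == "__main__":
    for verb in ("CWD", "LIST", "NLST"):
        print(verb, "->", handle(verb, "..\\..\\winnt\\"))
    print("LIST ->", handle("LIST", "sub"))
```

The check is purely lexical, so a real server would also have to resolve links or junctions inside the home directory before comparing.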
</FONT>
<BR>
<FONT FACE="arial" SIZE="2">
<BR><BR>
<HR WIDTH="50%" ALIGN="CENTER" SIZE="1">
<P ALIGN=RIGHT>
<FONT FACE="arial" SIZE="1">
© 1999, Arne Vidström
</FONT>
</P>
</FONT>
</BODY>
</HTML>