I have a bone to pick with Sun's classification of the FTP traversal
vulnerability as 'not a bug'
Most notably:
> The Solaris ftp mget behaviour is consistent with other BSD derived
> ftp clients, for example on Linux and FreeBSD. Changing the
> existing behaviour will cause problems.
vulnerability as 'not a bug'
Most notably:
> The Solaris ftp mget behaviour is consistent with other BSD derived
> ftp clients, for example on Linux and FreeBSD. Changing the
> existing behaviour will cause problems.
I ...
[ more ]