Serv-U FTP Server Path Disclosure Vulnerability

Solution:
There is an option to change the messages to a less informative format.

Directions for version 2.5b:
Start the user or Group Manager. Select a user or group. Click the 'Misc.' button and the second checkbox is 'Show path relative to homedir'. Enabling this causes the server to give out messages like:

550 /nonexist: No such file or directory.
and
250 Directory changed to /exist

Note that this has to be done for each user or group.



 

Privacy Statement
Copyright 2010, SecurityFocus