Gene6 BPFTP Server File Existence Disclosure Vulnerability

A user can confirm the existence and location of files, and obtain directory structure information, by submitting a 'size' or 'mdtm' command for a file. If the vulnerable service carries out the command, the attacker can confirm the location of the file.

Submitting a 'size' or 'mdtm' command for a file outside of the FTP root could disclose directory structure information of unpublished filesystems on the host. If the requested command is fulfilled by the vulnerable service, the attacker can confirm the relative path to the file.

Either request is achievable even if the 'show relative paths' option is not enabled.
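For detection, the added example below (not part of the original advisory and not vendor code) scans an FTP command log for 'size' or 'mdtm' requests whose argument resolves outside the FTP root. The log layout, the sample lines, and the assumption that such a request names the file with a relative path that climbs above the root or with a drive-qualified path are all constructed for illustration.

```python
import re

# Constructed log layout (an assumption, not Gene6's real log format):
#   <timestamp> <client-ip> <virtual-cwd> <COMMAND> <argument>
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+)(?: (.*))?$")
PROBE_COMMANDS = {"SIZE", "MDTM"}      # the two commands named in the advisory
DRIVE_RE = re.compile(r"^[A-Za-z]:")   # Windows drive-qualified path


def escapes_root(cwd, arg):
    """True if arg, resolved against the virtual cwd, leaves the FTP root '/'."""
    arg = arg.strip().replace("\\", "/")
    if DRIVE_RE.match(arg) or arg.startswith("//"):
        return True                    # drive or UNC path is never inside the virtual root
    path = arg if arg.startswith("/") else cwd.rstrip("/") + "/" + arg
    depth = 0
    for part in path.split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:                  # climbed above the root at some point
            return True
    return False


def find_probes(lines):
    """Return (client, command, argument) for SIZE/MDTM requests outside the root."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                   # skip lines that do not fit the layout
        _, client, cwd, cmd, arg = m.groups()
        if cmd.upper() in PROBE_COMMANDS and arg and escapes_root(cwd, arg):
            hits.append((client, cmd.upper(), arg))
    return hits


SAMPLE_LOG = [  # constructed sample lines
    "2010-01-01T10:00:00 192.0.2.10 /pub SIZE readme.txt",
    "2010-01-01T10:00:05 192.0.2.10 /pub SIZE ../../example.ini",
    "2010-01-01T10:00:09 192.0.2.10 /pub/docs MDTM ../readme.txt",
    "2010-01-01T10:00:12 192.0.2.77 / mdtm C:\\example\\file.txt",
    "2010-01-01T10:00:15 192.0.2.77 / RETR ../../example.ini",
]

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

Repeated hits from one client across many different paths are the pattern worth alerting on, since each reply confirms or denies one file.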


 

Copyright 2010, SecurityFocus