BisonFTP BDL File Upload Directory Traversal Vulnerability

BisonFTP is a commercial application designed to run on Windows Operating Systems. BisonFTP offers an add-on ftp daemon to Windows 9x, NT4, Me and 2000 systems.

It is possible to upload .bdl files. By uploading .bdl files, it's possible for a user to escape their home directory, and into the root directory of the drive on which their home is hosted.

This makes it possible for a local user to traverse the directory, possibly gaining access to sensitive information.


Privacy Statement
Copyright 2010, SecurityFocus