Pablos FTP Server Unauthorized File Existence Disclosure Vulnerability

A vulnerability reportedly affects Pablos FTP server that can allow for a remote attacker to determine whether files outside of the FTP root directory exist or not. This behavior is exhibited when a client attempts to delete a file outside of the FTP root directory using a relative path comprised of ".." sequences. While the file is not deleted in any case, the error message displayed will differ depending on whether or not the file exists.


 

Privacy Statement
Copyright 2010, SecurityFocus