PureFTPd accepts bad folder
Bug #598787 reported by
Joel Cogen
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ohm |
Fix Committed
|
Critical
|
Joel Cogen | ||
Pureftpd |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
PureFTPd accepts a bad folder from the web interface, then refuses login if the folder doesn't exist.
Submitting folder /home/joe/../../ is also accepted, so PureFTPd chroots to /, which is a security issue.
Changed in ohm: | |
importance: | Undecided → High |
status: | New → Confirmed |
assignee: | nobody → Joel Cogen (joel-cogen) |
Changed in ohm: | |
milestone: | none → 0.1 |
visibility: | private → public |
Changed in ohm: | |
milestone: | 0.1 → pureftpd-0.1 |
Changed in ohm: | |
importance: | High → Critical |
Changed in ohm: | |
status: | Confirmed → Fix Committed |
To post a comment you must log in.