Ohm

PureFTPd accepts bad folder

Bug #598787 reported by Joel Cogen on 2010-06-26

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Ohm	Fix Committed	Critical	Joel Cogen	Ohm pureftpd-1.0
	Pureftpd	Fix Committed	Undecided	Unassigned	Ohm pureftpd-1.0

Bug Description

PureFTPd accepts a bad folder from the web interface, then refuses login if the folder doesn't exist.
Submitting folder /home/joe/../../ is also accepted, so PureFTPd chroots to /, which is a security issue.

Joel Cogen (joel-cogen) on 2010-06-26

Changed in ohm:
importance:	Undecided → High
status:	New → Confirmed
assignee:	nobody → Joel Cogen (joel-cogen)

Joel Cogen (joel-cogen) on 2010-06-26

Changed in ohm:
milestone:	none → 0.1

Joel Cogen (joel-cogen) on 2010-06-26

visibility:	private → public
Changed in ohm:
milestone:	0.1 → pureftpd-0.1

Joel Cogen (joel-cogen) on 2010-06-26

Changed in ohm:
importance:	High → Critical

Joel Cogen (joel-cogen) on 2010-06-27

Changed in ohm:
status:	Confirmed → Fix Committed

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.