From: <bug...@ho...> - 2010-11-23 09:57:26
|
http://bugs.proftpd.org/show_bug.cgi?id=3541 Summary: Some random users can see full server listing Product: ProFTPD Version: 1.3.3c Platform: PC OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: core AssignedTo: pro...@li... ReportedBy: ma...@fl... CC: ma...@fl... Since the update to 1.3.3c we discovered that random users can see the full server listing through a FTP program. Their settings aren't different from anyone else on the server. When the user logs in, they go into the right directory (/home/username/) but they do see the full directory listing in their program (like /bin /var /etc). The other directories are read-only, the users can't change anything but it is a really big security problem. There are more topics about this problem, see: http://forums.proftpd.org/smf/index.php/topic,5194.0.html -- Configure bugmail: http://bugs.proftpd.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. |