Reported November 27, 2000 by Overdrive

VERSIONS AFFECTED
  • Winsock FTPd v2.41 Pro
  • Winsock FTPd v3.00 Pro

DESCRIPTION

A vulnerability in Winsock FTPd Pro has been identified that allows users to break out of the chroot jail that the software is supposed to enforce for them.

This issue gives users access to files and directories that they would not normally be able to reach.

DEMONSTRATION

Normally, when a user issues the command cd../../, the software refuses the request. A malicious user, however, could issue cd /../../ to jump out of the restricted directory and access other files and directories.
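The defensive counterpart of the behaviour above, as an added example (not part of the original advisory and not the vendor's code): relative and absolute arguments go through the same canonicalization, and the mapped path is checked against the jail before use. The function names, the POSIX-style paths and the jail root /srv/ftp/alice are assumptions made for illustration.

```python
import posixpath


def resolve_virtual(cwd: str, arg: str) -> str:
    """Resolve a client-supplied directory argument to a canonical virtual path.

    cwd is the session's current virtual directory (absolute; "/" is the
    user's root as the client sees it). Absolute and relative arguments take
    the same component walk, so ".." cannot climb above the virtual root.
    """
    arg = arg.replace("\\", "/")  # treat both separators alike
    start = "/" if arg.startswith("/") else cwd
    parts = [p for p in start.split("/") if p]
    for comp in arg.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if parts:
                parts.pop()  # clamp at the root instead of escaping
            continue
        parts.append(comp)
    return "/" + "/".join(parts)


def to_real_path(jail_root: str, virtual: str) -> str:
    """Map a virtual path under jail_root and refuse anything outside it."""
    root = posixpath.normpath(jail_root)
    real = posixpath.normpath(posixpath.join(root, virtual.lstrip("/")))
    # Second line of defence: holds even if the caller skipped resolve_virtual.
    if real != root and not real.startswith(root.rstrip("/") + "/"):
        raise PermissionError(f"path escapes jail: {virtual!r}")
    return real


def change_dir(jail_root: str, cwd: str, arg: str):
    """Return (new virtual cwd, real path) for a directory-change request."""
    virtual = resolve_virtual(cwd, arg)
    return virtual, to_real_path(jail_root, virtual)


if __name__ == "__main__":
    # Constructed sample session: both forms from the advisory stay in the jail.
    for arg in ("../../", "/../../"):
        print(repr(arg), "->", change_dir("/srv/ftp/alice", "/pub", arg))
```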

VENDOR RESPONSE

The vendor, Texas Imperial Software, has released a new version that addresses this bug.

CREDIT
Discovered by Interstellar Overdrive