BisonWare FTP Server Traversal Arbitrary File/Directory Access

Network Security News – Sunday, June 26, 2005 Events

BisonWare FTP Server Traversal Arbitrary File/Directory Access

BisonWare FTP Server contains a flaw that allows a remote attacker to access files outside of the ftp root. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (…/…/) supplied via ftp 'cd' command.. Read more at osvdb.org/17482