The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Glftpd | Glftpd | 1.18 (including) | 1.18 (including) |
| Glftpd | Glftpd | 1.19 (including) | 1.19 (including) |
| Glftpd | Glftpd | 1.20 (including) | 1.20 (including) |
| Glftpd | Glftpd | 1.21b1 (including) | 1.21b1 (including) |
| Glftpd | Glftpd | 1.21b2 (including) | 1.21b2 (including) |
| Glftpd | Glftpd | 1.21b3 (including) | 1.21b3 (including) |
| Glftpd | Glftpd | 1.21b4 (including) | 1.21b4 (including) |
| Glftpd | Glftpd | 1.21b5 (including) | 1.21b5 (including) |
| Glftpd | Glftpd | 1.21b6 (including) | 1.21b6 (including) |
| Glftpd | Glftpd | 1.21b7 (including) | 1.21b7 (including) |
| Glftpd | Glftpd | 1.21b8 (including) | 1.21b8 (including) |
References
- http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
- http://www.securityfocus.com/bid/1401
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=Pine.LNX.4.10.10006261041360.31907-200000%40twix.thrijswijk.nl
- http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
- http://www.securityfocus.com/bid/1401
- http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=Pine.LNX.4.10.10006261041360.31907-200000%40twix.thrijswijk.nl