Date: Tue, 3 Feb 2015 09:28:36 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: vsftpd problem in deny_hosts Hi, IBM reported to us a problem in vsftpd deny_hosts problem. CVE-2015-1419 https://bugzilla.novell.com/show_bug.cgi?id=915522 Description; Set the option "deny_file" in /etc/vsftpd.conf on a top-directory (for example "deny_file=/home/*") Then log in with ftp and try to cd to "/home/" first, which will fail, then try to cd to "/./home/" which will succeed! The latter case shouldn't be possible as well! Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ