Date: Tue, 3 Feb 2015 12:45:24 +0300 From: Solar Designer <solar@...nwall.com> To: oss-security@...ts.openwall.com Cc: scarybeasts@...il.com Subject: Re: vsftpd problem in deny_hosts On Tue, Feb 03, 2015 at 09:28:36AM +0100, Marcus Meissner wrote: > IBM reported to us a problem in vsftpd deny_hosts problem. > > CVE-2015-1419 > > https://bugzilla.novell.com/show_bug.cgi?id=915522 > > Description; > Set the option "deny_file" in /etc/vsftpd.conf on a top-directory (for example "deny_file=/home/*") > Then log in with ftp and try to cd to "/home/" first, which will fail, then try to cd to "/./home/" which will succeed! > The latter case shouldn't be possible as well! What does upstream say about this? (CC'ing.) Alexander
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ