Date: Wed, 14 Feb 2007 17:09:32 GMT
From: Ahsan Khan
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/109168: ftpd shows full system files when using FTP with IE7

>Number: 109168
>Category: misc
>Synopsis: ftpd shows full system files when using FTP with IE7
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 14 17:10:18 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Ahsan Khan
>Release: 4.9-RELEASE FreeBSD 4.9-RELEASE #0
>Organization:
NA
>Environment:
FreeBSD xxxxxxxxx 4.9-RELEASE FreeBSD 4.9-RELEASE #0: Sun Oct 31 11:32:31 EST 2004 root@xxxxxxxx:/usr/src/sys/compile/jahil i386
>Description:
When using the FTP feature of the browser on IE7, the browser shows a file listing of / and one can then drill down to any other folder, including etc and bin, can read any file, and can download anything. System security is fully compromised.
>How-To-Repeat:
Install IE7 on XP or Vista and open FTP using /etc/inetd.conf, then simply do the FTP using any account. I have tried accounts with bash shell and it will show you the root of the file system instead of the user's home folder. These folders are not chroot, so in theory users can go up one level and get to other folders anyway.
>Fix:
not known yet
>Release-Note:
>Audit-Trail:
>Unformatted: