--- SnakeByte / Eric Sesterhenn <snakebyte@gmx.de> <snip> > Texas Imperial Software WFTPD > CWD ... > CWD .... > directory traversal possible <snip> I have already posted this bug to bugtraq on May 24, 2001 (cfr. http://online.securityfocus.com/bid/2779/) The bug has been fixed in version 3.10 release 1 (cfr. http://online.securityfocus.com/bid/2779/info/) I have verified this with WFTPD 32-bit (X86) version 3.10 release 1 9/27/2001, and this version is patched against this bug (both CWD ... & CWD ....), since the server returns : 501 User is not allowed to change to ... - returning to /. or 501 User is not allowed to change to .... - returning to /. (/ is the homedirectory of the user, not the rootdirectory) cheers, [ByteRage] __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com