Serv-U FTP Server Path Disclosure Vulnerability

Vulnerability Details

Vulnerability Summary

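The default configuration of Serv-U 2.5d and earlier versions is vulnerable. A remote attacker can determine the server's real path name by requesting a URL for a directory or file that does not exist.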

Vulnerability Advisory

There is an option to change the messages to a less informative format.
Directions for version 2.5b:
Start the user or Group Manager. Select a user or group. Click the ‘Misc.’ button and the second checkbox is ‘Show path relative to homedir’. Enabling this causes the server to give out messages like:
550 /nonexist: No such file or directory.
and
250 Directory changed to /exist
Note that this has to be done for each user or group.
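
An added example (not part of the original advisory or of Serv-U): because the option has to be set for each user or group, this Python check scans captured FTP replies per account and flags any that still disclose an absolute Windows path. The account names and the leaking reply lines are constructed samples; the relative-format lines are the ones quoted above.

```python
import re

# FTP reply line: 3-digit code, space (or hyphen for multi-line), then text.
REPLY_RE = re.compile(r"^(\d{3})[ -](.*)$")
# Windows drive-letter path (C:\... or C:/...) or UNC path (\\host\share).
# Paths containing spaces are reported only up to the first space.
ABS_PATH_RE = re.compile(
    r"(?<![A-Za-z])[A-Za-z]:[\\/][^\s:]*|\\\\[^\s\\]+\\[^\s:]+"
)
# Replies that normally echo a path: 250 and 550 as in the advisory, plus 257 (PWD/MKD).
PATH_CODES = {"250", "257", "550"}


def leaked_path(reply_line):
    """Return the absolute local path disclosed in one FTP reply, or None."""
    m = REPLY_RE.match(reply_line.strip())
    if not m:
        return None
    code, text = m.groups()
    if code not in PATH_CODES:
        return None
    hit = ABS_PATH_RE.search(text)
    return hit.group(0) if hit else None


def audit(replies_by_account):
    """Map account -> leaked paths; accounts whose replies leak nothing are omitted."""
    findings = {}
    for account, replies in replies_by_account.items():
        leaks = [p for p in map(leaked_path, replies) if p]
        if leaks:
            findings[account] = leaks
    return findings


# Constructed sample capture: one reply set per account.
SAMPLE = {
    "alice": [  # option enabled: the relative format shown in the advisory
        "550 /nonexist: No such file or directory.",
        "250 Directory changed to /exist",
    ],
    "bob": [  # option not enabled: constructed replies with a real path
        r"550 D:\ftproot\bob\nonexist: No such file or directory.",
        "250 Directory changed to D:/ftproot/bob/exist",
    ],
}

if __name__ == "__main__":
    for account, paths in audit(SAMPLE).items():
        print(f"{account}: still discloses {paths}")
```
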

References

Source: BID
Name: 1016
Link: http://www.securityfocus.com/bid/1016

Source: BUGTRAQ
Name: 20000228 Serv-U FTP-Server v2.4a showing real path
Link: http://archives.neohapsis.com/archives/bugtraq/2000-02/0417.html
