Bug 282343 - Path Traversal in FTP server
Summary: Path Traversal in FTP server
Status: Closed Not Accepted
Alias: None
Product: Documentation
Classification: Unclassified
Component: Website (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Sergio Carlavilla Delgado
URL:
Keywords:
: 282342 (view as bug list)
Depends on:
Blocks:
 
Reported: 2024-10-27 00:57 UTC by Shashwat
Modified: 2025-01-09 19:05 UTC (History)
3 users (show)

See Also:

Attachments
Bug File (607 bytes, text/plain)
2024-10-27 00:58 UTC, Shashwat 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Shashwat 2024-10-27 00:57:03 UTC 

    


    


      



        
          Comment 1
        

        
          Shashwat

        

        
        

        
          2024-10-27 00:58:24 UTC
        

      






Created attachment 254547 [details]
Bug File

    


    


      



        
          Comment 2
        

        
          Shashwat

        

        
        

        
          2024-10-27 00:59:31 UTC
        

      






I attached  the file where all the details present and i also provide the URl.
please look into this matter ASAP..

    


    


      



        
          Comment 3
        

        
          Mark Linimon

        

        
            freebsd_committer
            freebsd_triage
        

        
          2024-10-27 00:59:49 UTC
        

      






*** Bug 282342 has been marked as a duplicate of this bug. ***

    


    


      



        
          Comment 4
        

        
          Jamie Landeg-Jones

        

        
        

        
          2024-10-27 23:41:34 UTC
        

      






(In reply to Shashwat from comment #2)

You attached a password file....

    


    


      



        
          Comment 5
        

        
          Shashwat

        

        
        

        
          2024-10-28 08:06:01 UTC
        

      






(In reply to Jamie Landeg-Jones from comment #4)
I found that in the ftp server

    


    


      



        
          Comment 6
        

        
          Jamie Landeg-Jones

        

        
        

        
          2024-10-28 13:56:15 UTC
        

      






(In reply to Shashwat from comment #5)

Where is the URL you are referring to?

That password file is a blank, default template. Note that all the passwords are disabled.

Are you using the ftp server? Some versions of ftp daemon "chroot" into the ftp area on connection, so need a dummy passed and group file to show file ownership in the intended way. If this is what you're talking about it's harmless, and necessary.

    


    


      



        
          Comment 7
        

        
          Sergio Carlavilla Delgado

        

        
            freebsd_committer
            freebsd_triage
        

        
          2025-01-09 19:05:19 UTC
        

      






There's no problem to fix in the website.