VULHUB ™

G6 FTP Server now known as BPFTP Server is an internet FTP server by Gene6 BPFTP Server has a flaw which can permit a remote user to learn the physcial path to the FTP service's root directory. By submitting the FTP command 'dele' along with ':' and any filename, the attacker can cause an error message to be generated by BPFTP which includes the path for the ftp root. Properly exploited, this information could assist a hostile user in carrying out other attacks on the system.

G6 FTP Server now known as BPFTP Server is an internet FTP server by Gene6 BPFTP Server has a flaw which can permit a remote user to learn the physcial path to the FTP service's root directory. By submitting the FTP command 'dele' along with ':' and any filename, the attacker can cause an error message to be generated by BPFTP which includes the path for the ftp root. Properly exploited, this information could assist a hostile user in carrying out other attacks on the system.