Bugtraq mailing list archives
Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client
From: lutz () TARANIS IKS-JENA DE (Lutz Donnerhacke)
Date: Tue, 4 Nov 1997 08:20:05 GMT
* af () C4C COM wrote:
It works on our Linux slackware as well. I suspect most ftp clients are susceptible to this "problem."
Tested it with NcFTP 2.4.2: No security problem, the file "|sh" does exists afterwards. netkit-ftp-0.10: Problem occurs as described. Navigator/Communicator: No security problem, the content of the file is displayed.
I also wonder about IBM's answer: SOLUTION: Remove the setuid bit from the "ftp" command. On our 4.2.1, ftp will not run if it is not suid. Didn't somebody test this?
Yep. ftp does not need suid: -rwxr-xr-x 1 root root /bin/ftp* -rwxr-xr-x 1 root root /usr/bin/ncftp* DFN-CERT corrected the solution of IBM. It was a false statment according to them.
Current thread:
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client af () C4C COM (Nov 03)
- <Possible follow-ups>
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Lutz Donnerhacke (Nov 04)
- netapp NFS server crash by FreeBSD client [w/patch] Dmitry Kohmanyuk Дмитрий Кохманюк (Nov 05)
- simptcp hotfix renewed on 03/11/1997 Yves Kreis (Nov 05)
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Wolfgang Ley (Nov 06)
- HPSBUX9710-072 Sec. Vulnerability in CDE on HP-UX 10.[10, 20, Aleph One (Nov 06)
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Troy A. Bollinger (Nov 06)
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Giulio E. D. Botto (Nov 04)