Vulnerability Development mailing list archives
Re: iis (ftp) 4.0
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 1 Aug 2000 18:08:32 +0400
Hello Guilherme Mesquita, This is ftp client problem then sending quote'd command - it is used as a format string. MS FTP service doesn't seems to have this problem, but at least BSD ftp client has. bash-2.03$ telnet ntst 21 Trying 10.0.0.1... Connected to ntst Escape character is '^]'. 220 ntst Microsoft FTP Service (Version 4.0). USER ftp 331 Anonymous access allowed, send identity (e-mail name) as password. PASS 230 Anonymous user logged in. cd %f 500 'CD %f': command not understood quit bash-2.03$ ftp ntst Connected to ntst 220 ntst Microsoft FTP Service (Version 4.0). Name (ntst:xxx): ftp 331 Anonymous access allowed, send identity (e-mail name) as password. Password: 230 Anonymous user logged in. Remote system type is Windows_NT. ftp> quote cd %f 500 'CD 0.000000': command not understood ftp> The problem is in quote1() function in cmds.c: if (command(buf) == PRELIM) { command defined as command(const char *fmt, ...) /3APA3A 30.07.00 16:45, you wrote: iis (ftp) 4.0; G> hey doods take a look at this: G> bash-2.03$ ftp xxx.xxx.microsoft.com G> Connected to xxx.xxx.microsoft.com G> 220 mickeysoft Microsoft FTP Service (Version 4.0). G> Name (xxx.xxx.microsoft.com:guy): anonymous G> 331 Anonymous access allowed, send identity (e-mail name) as password. G> Password: G> 230 Anonymous user logged in. G> Remote system type is Windows_NT.
Current thread:
- iis (ftp) 4.0 Guilherme Mesquita (Aug 01)
- Re: iis (ftp) 4.0 Renaud Deraison (Aug 02)
- Re: iis (ftp) 4.0 Marc Maiffret (Aug 02)
- Re: iis (ftp) 4.0 3APA3A (Aug 02)
- Re: iis (ftp) 4.0 Michal Zalewski (Aug 02)
- Re: iis (ftp) 4.0 Juliano Rizzo (Aug 02)