Vulnerability Development mailing list archives

Re: iis (ftp) 4.0


From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Tue, 1 Aug 2000 18:08:32 +0400

Hello Guilherme Mesquita,

This is an ftp client problem when sending a quote'd command - it is used
as a format string. MS FTP service doesn't seem to have this problem,
but at least the BSD ftp client has.

bash-2.03$ telnet ntst 21
Trying 10.0.0.1...
Connected to ntst
Escape character is '^]'.
220 ntst Microsoft FTP Service (Version 4.0).
USER ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
PASS
230 Anonymous user logged in.
cd %f
500 'CD %f': command not understood
quit

bash-2.03$ ftp ntst
Connected to ntst
220 ntst Microsoft FTP Service (Version 4.0).
Name (ntst:xxx): ftp
331 Anonymous access allowed, send identity (e-mail name) as password.
Password:
230 Anonymous user logged in.
Remote system type is Windows_NT.
ftp> quote cd %f
500 'CD 0.000000': command not understood
ftp>

The problem is in quote1() function in cmds.c:

         if (command(buf) == PRELIM) {

command is defined as

         command(const char *fmt, ...)




/3APA3A


30.07.00 16:45, you wrote: iis (ftp) 4.0;

G> hey doods take a look at this:

G> bash-2.03$ ftp xxx.xxx.microsoft.com
G> Connected to xxx.xxx.microsoft.com
G> 220 mickeysoft Microsoft FTP Service (Version 4.0).
G> Name (xxx.xxx.microsoft.com:guy): anonymous
G> 331 Anonymous access allowed, send identity (e-mail name) as password.
G> Password:
G> 230 Anonymous user logged in.
G> Remote system type is Windows_NT.
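
Added example, not part of the original post and not the BSD ftp source: the call pattern quoted from quote1() next to the constant-format fix, plus a check that counts format directives in untrusted text. command_line(), quote_unsafe(), quote_safe() and count_conversions() are hypothetical names, and command_line() writes into a buffer instead of sending on the control connection.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the client's command(const char *fmt, ...):
 * formats the control-channel line into out instead of sending it. */
int command_line(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Pattern quoted in the post: the user's text is the format itself.
 * Only defined when the text holds no conversion specifications. */
int quote_unsafe(char *out, size_t n, const char *user)
{
    return command_line(out, n, user);
}

/* Fix: constant format, the user's text is passed as data. */
int quote_safe(char *out, size_t n, const char *user)
{
    return command_line(out, n, "%s", user);
}

/* Counts '%' directives in untrusted text; "%%" is a literal percent. */
int count_conversions(const char *s)
{
    int n = 0;

    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped pair */
        else
            n++;
    }
    return n;
}

int main(void)
{
    char line[64];
    const char *input = "cd %f";    /* constructed input, as in the post */

    quote_safe(line, sizeof line, input);
    printf("directives=%d sent='%s'\n", count_conversions(input), line);
    return 0;
}
```

Compilers can flag the unsafe pattern when the variadic function is declared with a printf-style format attribute and -Wformat-security is enabled.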

