Vulnerability Development mailing list archives

Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system.


From: Antti Hakulinen <thpo () DREAMTHEATER ZZN COM>
Date: Fri, 16 Feb 2001 19:05:29 +0200

Yees.
Indeed.
Of course I know that I crashed my ftp.exe program, not the server.

The program to be used has got to be MS ftp.exe.
I tried this remotely from RedHat 6.0; I couldn't reproduce it.
Like I said before, it is an FTP.EXE "Feature" :).
My apologies if any misunderstanding happened.

Yes. The file therefore of course is deleted by the ftp.exe, not the server,
but it doesn't matter.
In any case, it is still a high security risk.

I will test it remotely with win2k's FTP.EXE right away so we get to know
whether it will work.
I'm 99% sure that I can reproduce it remotely.
Will be mailing results soon.......

Regards: Antti....



----- Original Message -----
From: "3APA3A" <3APA3A () SECURITY NNOV RU>
To: "Antti Hakulinen" <thpo () DREAMTHEATER ZZN COM>
Cc: <VULN-DEV () SECURITYFOCUS COM>
Sent: Friday, February 16, 2001 11:57 AM
Subject: Re: WIN2K security bug with FTP. Bug allows any file to be deleted
from the remote system.


Hello Antti,

Friday, February 16, 2001, 1:53:46 AM, you wrote:

AH> This little "MS feature" allows any file on your system to be deleted.
AH> This applies at least to Win2k build 2195 Service Pack 1 & latest updates.

AH> Using the GET command like this.

<skipped>

AH>         App: ftp.exe (pid=824)

<skipped>


AH> Otherwise, better not to be using w2k as FTP server.

You have dumped your FTP client, not the server. The file is also probably
deleted by the FTP client, not the server. If so, this is not a security issue.
Try to check this issue remotely.



--
 /3APA3A
Eternal memory to Saint Patrick! (Twain)