Bugtraq mailing list archives
Re: security hole in mget (in ftp client)
From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Tue, 5 Aug 1997 12:55:27 -0400
> On most Unix platforms, when an ftp client processes an mget command, it does not check [...for evilness like:] In particular, a malicious ftp server's NLST response might include lines such as "../.forward",
> Perhaps the easiest solution is to fix the ftp client to ignore lines in an NLST response that include a '/' character.
I rather dislike this. It's too useful to "mget */*.??" and the like. I'd rather see it refuse, or at least confirm, paths beginning with "../" or including "/../". One could argue the client should accept a leading ../ when the user specified a leading ../, but that's probably getting a little too frilly. (Of course, this should all be configurable off, but it also should default on.)

der Mouse
mouse () rodents montreal qc ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
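As an added illustration (my code, not der Mouse's, mhpower's, or any actual ftp client's), the following compares the two client-side policies discussed in this thread when applied to NLST response lines: the strict rule from the original report (drop any name containing '/') and the rule der Mouse prefers (keep slashes so patterns like `mget */*.??` still work, but stop and confirm on a leading `../` or an embedded `/../`). The sample NLST lines are constructed. Going slightly beyond the post, the check also flags a bare `..`, a trailing `/..` and absolute paths; those three cases and the `user_pattern_leading_dotdot` parameter (the "user asked for ../" hook der Mouse mentions) are my additions.

```c
#include <stdio.h>
#include <string.h>

/* Verdict for a single NLST response line received from the server. */
enum nlst_verdict { NLST_ACCEPT = 0, NLST_CONFIRM = 1 };

/* Strict policy from the original report: any name containing '/' is dropped.
 * Simple, but it also blocks legitimate multi-level fetches. */
int nlst_strict_has_slash(const char *name)
{
    return strchr(name, '/') != NULL;
}

/* Does the name climb out of the current directory via ".." components?
 * The post names a leading "../" and an embedded "/../"; a bare ".." and a
 * trailing "/.." are added here for completeness (assumption, not from the post). */
int nlst_has_dotdot(const char *name)
{
    size_t len = strlen(name);
    if (strcmp(name, "..") == 0) return 1;
    if (strncmp(name, "../", 3) == 0) return 1;
    if (strstr(name, "/../") != NULL) return 1;
    if (len >= 3 && strcmp(name + len - 3, "/..") == 0) return 1;
    return 0;
}

/* Relaxed policy (der Mouse's preference): slashes are fine, but anything that
 * escapes the current directory must be confirmed by the user before mget
 * writes it. If the user's own mget pattern began with "../", exactly one
 * leading "../" is tolerated and the remainder is re-checked. Absolute paths
 * are treated as escaping too (my addition; the post does not mention them). */
enum nlst_verdict nlst_check(const char *name, int user_pattern_leading_dotdot)
{
    if (name[0] == '/') return NLST_CONFIRM;
    if (user_pattern_leading_dotdot && strncmp(name, "../", 3) == 0)
        return nlst_has_dotdot(name + 3) ? NLST_CONFIRM : NLST_ACCEPT;
    return nlst_has_dotdot(name) ? NLST_CONFIRM : NLST_ACCEPT;
}

/* Stand-alone demo over constructed NLST lines (not a real server's output). */
int main(void)
{
    static const char *lines[] = {
        "README",             /* plain file in cwd */
        "sub/data.txt",       /* legitimate subdirectory fetch */
        "../.forward",        /* the case from the original report */
        "sub/../../.rhosts",  /* embedded traversal */
        "/tmp/x",             /* absolute path */
        "..foo",              /* looks suspicious but is an ordinary name */
    };
    size_t i;
    for (i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        printf("%-20s strict:%s  relaxed:%s\n", lines[i],
               nlst_strict_has_slash(lines[i]) ? "DROP " : "keep ",
               nlst_check(lines[i], 0) == NLST_CONFIRM ? "CONFIRM" : "accept");
    }
    return 0;
}
```

The interesting row is "sub/data.txt": the strict rule drops it, while the relaxed rule accepts it and still stops on every line that reaches outside the current directory.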
Current thread:
- security hole in mget (in ftp client) mhpower () MIT EDU (Aug 04)
- <Possible follow-ups>
- Re: security hole in mget (in ftp client) der Mouse (Aug 05)
- Re: security hole in mget (in ftp client) Jim Hutchins (Aug 12)