Bugtraq mailing list archives
Re: SunOS 4.1.4 ftp serious bug
From: entropy () ZIPPY BERNSTEIN COM (maximum entropy)
Date: Mon, 16 Jun 1997 18:11:17 -0400
From: maximum entropy <entropy () zippy bernstein com>From: "Homer W. Smith" <homer () LIGHTLINK COM> [...] 220 light.lightlink.com FTP server (Version wu-2.4.2-academ[BETA-12](4) Mon Jun 2 21:41:50 EDT 1997) ready. [...]I don't suppose you noticed you're running wu-ftpd, NOT the SunOS ftpd...
I just re-read your original message, and I see you were complaining about ftp, not ftpd. Anyway, your problem is that A == B, whereas in your original message you said:
ftp from SunOS machine A to any other machine B.
I think you will find that the original file is NOT erased if you actually ftp to a DIFFERENT machine. The problem is in how you are expecting a put with an absolute path name to work, which isn't how it actually works. In any case, even if this IS a bug (which I say it isn't), it isn't a security problem and probably doesn't belong on bugtraq. Cheers, entropy -- entropy -- it's not just a good idea, it's the second law.
Current thread:
- Re: SunOS 4.1.4 ftp serious bug Homer W. Smith (Jun 16)
- Re: SunOS 4.1.4 ftp serious bug Dan Pritts (Jun 16)
- Getpwnam bus error.. is this patched? Charles Howes (Jun 23)
- Re: Getpwnam bus error.. is this patched? Casper Dik (Jun 24)
- Getpwnam bus error.. is this patched? Charles Howes (Jun 23)
- Re: SunOS 4.1.4 ftp serious bug maximum entropy (Jun 16)
- shotgun-1.1b buffer overflow(s) PLaGuEZ (Jan 01)
- Re: shotgun-1.1b buffer overflow(s) Alan Cox (Jun 17)
- Re: SunOS 4.1.4 ftp serious bug maximum entropy (Jun 16)
- shotgun-1.1b buffer overflow(s) PLaGuEZ (Jan 01)
- Re: SunOS 4.1.4 ftp serious bug Dan Pritts (Jun 16)