Vulnerability Development mailing list archives

Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system.

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 16 Feb 2001 12:57:16 +0300

Hello Antti,

Friday, February 16, 2001, 1:53:46 AM, you wrote:

AH> This little " ms feature" allows anyfile on your system to be deleted. This applies at least Win2k build 2195 
servicepack 1 & latest updates.

AH> Using the GET command like this.

<skipped>

AH>         App: ftp.exe (pid=824)

<skipped>


AH> Otherwise, better not to be using w2k as FTP server.

You have dumped your ftp client, not server. The file is also probably
deleted  by FTP client, not server. If so, this is not security issue.
Try to check this issue remotely.



--
 /3APA3A
Âå÷íàÿ ïàìÿòü ñâÿòîìó Ïàòðèêó! (Òâåí)

Current thread:

WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Antti Hakulinen (Feb 15)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Stephen (Feb 16)
  - Re: WIN2K security bug with FTP. Bug allows any file to bedeleted from the remote system. Kevin van der Raad (Feb 16)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. 3APA3A (Feb 16)
  - Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Antti Hakulinen (Feb 16)
    - Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Marc Maiffret (Feb 16)
    - Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. 3APA3A (Feb 23)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted Robert A. Seace (Feb 16)