Vulnerability Development mailing list archives
Re: WIN2K security bug with FTP. Bug allows any file to bedeleted from the remote system.
From: Kevin van der Raad <k.van.der.raad () itsec nl>
Date: Fri, 16 Feb 2001 15:16:09 +0100
I can just confirm this vulnerability localy on a machine. When I did
c:\ftp ftp.target.com the file on my local machine got overwritten.
Then, it just worked on files I normaly (outside ftp) have access to, it
did not work on other local files (from other users). In this case it is
not even a local vulnerability.
I tested this on a Windows 2000 Advanced Server 5.00.2195 as well.
--
Kevin van der Raad <mailto:k.van.der.raad () itsec nl>
ITsec Nederland B.V. <http://www.itsec.nl>
Informatiebeveiliging
Exploit & Vulnerability Alerting Service
P.O. box 5120
NL 2000 GC Haarlem
Tel +31(0)23 542 05 78
Fax +31(0)23 534 54 77
--
ITsec Nederland B.V. may not be held liable for the effects or damages
caused by the direct or indirect use of the information or functionality
provided by this posting, nor the content contained within. Use them at
your own risk. ITsec Nederland B.V. bears no responsibility for misuse
of this posting or any derivatives thereof.
Current thread:
- WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Antti Hakulinen (Feb 15)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Stephen (Feb 16)
- Re: WIN2K security bug with FTP. Bug allows any file to bedeleted from the remote system. Kevin van der Raad (Feb 16)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. 3APA3A (Feb 16)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Antti Hakulinen (Feb 16)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted Robert A. Seace (Feb 16)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Stephen (Feb 16)