Vulnerability Development mailing list archives
Re: WIN2K security bug with FTP. Bug allows any file to be delete d from the remote system.
From: Andrew Thomas <blink () EYE2EYE NET>
Date: Sun, 18 Feb 2001 15:56:51 +0200
Hi,
Client side vulnerabilities are great _IF_ you can force a client to perform the overflow or what not. A client side "vulnerability" where the client has to type in random commands to ftp.exe or have things placed in their profile (which they are then screwed anyways) is not something overly worthwhile.
What about situations where one is capable of gaining access to a machine via unicode or any other known/unknown vuln that does not give one system access, and then utilising this in conjunction with the above to cause more havoc? Take care, Andrew - Andrew Thomas office: +27 21 4889820 facsimile: +27 21 4889830 mobile: +27 82 7850166 "One trend that bothers me is the glorification of stupidity, that the media is reassuring people it's alright not to know anything. That to me is far more dangerous than a little pornography on the Internet." - Carl Sagan
Current thread:
- Re: WIN2K security bug with FTP. Bug allows any file to be delete d from the remote system. Andrew Thomas (Feb 18)