Vulnerability Development mailing list archives

Re: WIN2K security bug with FTP. Bug allows any file to be delete d from the remote system.

From: Andrew Thomas <blink () EYE2EYE NET>
Date: Sun, 18 Feb 2001 15:56:51 +0200

Hi,


Client side vulnerabilities are great _IF_ you can force a
client to perform
the overflow or what not.
A client side "vulnerability" where the client has to type in random
commands to ftp.exe or have things placed in their profile
(which they are
then screwed anyways) is not something overly worthwhile.


What about situations where one is capable of gaining access to a machine
via unicode or any other known/unknown vuln that does not give one system
access, and then utilising this in conjunction with the above to cause more
havoc?

Take care,
  Andrew
-
Andrew Thomas
office: +27 21 4889820
facsimile: +27 21 4889830
mobile: +27 82 7850166
 "One trend that bothers me is the glorification of
stupidity, that the media is reassuring people it's
alright not to know anything. That to me is far more
dangerous than a little pornography on the Internet."
  - Carl Sagan

Current thread:

Re: WIN2K security bug with FTP. Bug allows any file to be delete d from the remote system. Andrew Thomas (Feb 18)
- Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Marc Maiffret (Feb 18)
  - Re: WIN2K security bug with FTP. Bug allows any file to be deleted from the remote system. Egemen Tas (Feb 19)