Vulnerability Development mailing list archives

aix ftpd

From: alex medvedev <r00t () swt edu>
Date: Thu, 29 Nov 2001 17:49:52 -0600

hallo,

to the moderator: i guess my first post never reached the list (my reverse dns 
does not resolve).
second attempt from a different place...

aix 5.1-ml01 ftpd does strange things when supplied the notorious globbing 
pattern.
although it does not crash, it produces interesting repeating (and repeatable) 
series of outputs.

run "ls ~{" once --> get an error message --> see the example session below.
after that you will not be able to run any commands and will get a connection 
refused message. 
then, however, after several attempts the functionality restores.
i guess the question here is if it is possible to make it never return to 
normal functionality.
Example session:

ftp> ls
227 Entering Passive Mode (10,0,32,2,128,250)
150 Opening data connection for /bin/ls.
total 46797
-rw-------   1 root     system           15 Nov 07 14:38 .bash_history
-rwxr-----   1 alexm    staff           254 Nov 07 14:02 .profile
-rw-------   1 alexm    staff          1458 Nov 08 10:10 .sh_history
drwx------   2 alexm    staff           512 Nov 07 14:04 .ssh
drwxr-xr-x  28 alexm    staff          3584 Nov 08 08:35 perl-5.6.1
-rw-r--r--   1 alexm    staff      23951360 Nov 07 14:04 stable.tar
226 Transfer complete.
ftp> ls ~{
227 Entering Passive Mode (10,0,32,2,128,251)
550 Unknown user name after ~
ftp> ls
150 Opening data connection for /bin/ls.
Passive mode refused.
ftp> ls
226 Transfer complete.
ftp: connect: Connection refused
ftp> ls
227 Entering Passive Mode (10,0,32,2,128,252)
150 Opening data connection for /bin/ls.
total 46797
-rw-------   1 root     system           15 Nov 07 14:38 .bash_history
-rwxr-----   1 alexm    staff           254 Nov 07 14:02 .profile
-rw-------   1 alexm    staff          1458 Nov 08 10:10 .sh_history
drwx------   2 alexm    staff           512 Nov 07 14:04 .ssh
drwxr-xr-x  28 alexm    staff          3584 Nov 08 08:35 perl-5.6.1
-rw-r--r--   1 alexm    staff      23951360 Nov 07 14:04 stable.tar
226 Transfer complete.

i am pretty sure aix 4.3.3 ftpd will behave similarly.
i did not have time to mess with it enough,
just thought it was interesting (hi, troy :) )

-alexm

_______________________________________
CPU not found.
Press any key for software emulation...
_

Current thread:

aix ftpd alex medvedev (Nov 29)
- Re: aix ftpd Peter Kovacs (Nov 30)
  - Re: aix ftpd alex medvedev (Nov 30)
- <Possible follow-ups>
- aix ftpd alex medvedev (Nov 29)
  - RE: aix ftpd David Barroso (Nov 30)