Vulnerability Development mailing list archives

Re: aix ftpd

From: alex medvedev <alexm () synthesys com>
Date: Fri, 30 Nov 2001 11:27:45 -0600 (CST)

hallo,

On Fri, 30 Nov 2001, Peter Kovacs wrote:


i am pretty sure aix 4.3.3 ftpd will behave similarly.

Not really.

ftp> passive
Passive mode on.
ftp> ls
227 Entering Passive Mode (194,149,2,108,219,88)
150 Opening data connection for ..
.profile
226 Transfer complete.
ftp> ls ~{
227 Entering Passive Mode (194,149,2,108,219,92)
550 Unknown user name after ~
ftp> ls
227 Entering Passive Mode (194,149,2,108,219,94)
150 Opening data connection for ..
.profile
226 Transfer complete.
ftp>by
221 Goodbye.
[petke@risca]lslpp -l bos.rte|grep bos
  bos.rte                   4.3.3.75  APPLIED    Base Operating System Runtime
  bos.rte                    4.3.3.0  COMMITTED  Base Operating System Runtime
[petke@risca]lslpp -l bos.\*|grep tcp
  bos.msg.en_US.net.tcp.client
  bos.net.tcp.adt           4.3.3.50  COMMITTED  TCP/IP Application Toolkit
  bos.net.tcp.client        4.3.3.75  COMMITTED  TCP/IP Client Support
  bos.net.tcp.server        4.3.3.75  COMMITTED  TCP/IP Server


it is strange, because i was able to reproduce the problem on 4.3.3 ml8
too (same fileset levels), even got a new error: ftp: bind: Address
already in use:

ftp> ls ~{
550 Unknown user name after ~
ftp: bind: Address already in use


also this is worth mentioning: note the commands i run and output i get in
the following session:

ftp> ls ~{
227 Entering Passive Mode (10,0,16,16,201,83)
550 Unknown user name after ~
ftp> ls ~{
150 Opening data connection for /bin/ls.
Passive mode refused.
ftp> ls ~{
226 Transfer complete.
ftp: connect: Connection refused
ftp> pwd
227 Entering Passive Mode (10,0,16,16,201,84)
ftp> pwd
227 Entering Passive Mode (10,0,16,16,201,85)
ftp> pwd
257 "/home/root" is current directory.
ftp> ls
257 "/home/root" is current directory.
257 "/home/root" is current directory.
ftp> ls
227 Entering Passive Mode (10,0,16,16,201,86)
150 Opening data connection for /bin/ls.
total 13031
-rw-------   1 root     system      1296 Oct 26 12:55 .TTauthority
-rw-------   1 root     system        98 Oct 26 12:54 .Xauthority
snipped
226 Transfer complete.

as you can see "ls" printed the output of "pwd" twice instead of file
listing.

btw, this was on aix 4.3.3 ml8

bye,

-alexm

Current thread:

aix ftpd alex medvedev (Nov 29)
- Re: aix ftpd Peter Kovacs (Nov 30)
  - Re: aix ftpd alex medvedev (Nov 30)
- <Possible follow-ups>
- aix ftpd alex medvedev (Nov 29)
  - RE: aix ftpd David Barroso (Nov 30)