Vulnerability Development mailing list archives
Re: Multiple Local Vulnerabilities in some FTP Client. Who can exploit it by remote?
From: SpaceWalker <spacewalker () altern org>
Date: Mon, 6 May 2002 18:57:13 +0200
This is typically a bad idea to leave any locally exploitable programs, even if they are only exploitable by a client (who has legitimate access), but I don't know if it's like this under win32. Under any unix, it's very hard to block command execution if you leave the possibility to run any program on the fs (who tried to remove /bin/sh?).

The real problem is in the vulnerabilities that let you exec something on the computer: unicode problems should not exist.

SpaceWalker

On Mon, 6 May 2002 12:47:42 +1200 "Brett Moore" <brett () softwarecreations co nz> wrote:

> But they forgot FTP.exe, so we bof the ftp client and inject and run any code we like, therefore bypassing the 'protection' given by removing cmd.exe
>
> Brett