Re: ftp conversions exploit

From: David Malone (dwmaloneat_private)
Date: Wed Dec 22 1999 - 12:01:12 PST

Next message: Casper Dik: "Re: procmail / Sendmail - five bugs"

Previous message: Rainer Link: "Re: Announcement: Solaris loadable kernel module backdoor"
Next in thread: Alexey Chetroi: "Re: ftp conversions exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Dec 22, 1999 at 04:47:25AM +0000, Desi Hacker wrote:

> during the exploiting process.. the final step as instructed by the auther
> doesn't work
>
> ftp> get "--use-compress-program=sh blah".tar
> or
> ftp> get "--use-compress-program=sh blah".tar
>
> instead is gives a warning of permission denied!
> in case of anon ftp logging

The ftpaccess man page contains the following example line:

	path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-

which disallows filenames starting with . or - to anonymous users.
Maybe your ftpaccess line contains this?

	David.

Next message: Casper Dik: "Re: procmail / Sendmail - five bugs"
Previous message: Rainer Link: "Re: Announcement: Solaris loadable kernel module backdoor"
Next in thread: Alexey Chetroi: "Re: ftp conversions exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:22:56 PDT