Re: ftp conversions exploit

From: Alexey Chetroi (lexat_private)
Date: Thu Dec 23 1999 - 22:51:21 PST

Next message: Aaron Sigel: "FYI, SCO Security patches available."

Previous message: Roy Sigurd Karlsbakk: "Re: Groupewise Web Interface"
Next in thread: Gregory A Lundberg: "Re: ftp conversions exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 22 Dec 1999, David Malone wrote:

> On Wed, Dec 22, 1999 at 04:47:25AM +0000, Desi Hacker wrote:
>
> > during the exploiting process.. the final step as instructed by the auther
> > doesn't work
> >
> > ftp> get "--use-compress-program=sh blah".tar
> > or
> > ftp> get "--use-compress-program=sh blah".tar
> >
> > instead is gives a warning of permission denied!
> > in case of anon ftp logging
>
> The ftpaccess man page contains the following example line:
>
> 	path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9._]*$ ^\. ^-
>
> which disallows filenames starting with . or - to anonymous users.
> Maybe your ftpaccess line contains this?

it doesn't disallow filenames starting with . or -, it disallows filenames
with spaces

>
> 	David.
>

Next message: Aaron Sigel: "FYI, SCO Security patches available."
Previous message: Roy Sigurd Karlsbakk: "Re: Groupewise Web Interface"
Next in thread: Gregory A Lundberg: "Re: ftp conversions exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:23:19 PDT