aix ftpd

From: alex medvedev (alexmat_private)
Date: Thu Nov 29 2001 - 14:01:32 PST


    hallo,
    
    aix ftpd does strange things when supplied the notorious globbing pattern.
    although it does not crash,
    if you repeatedly run "ls ~{" it produces different results:
    
    $ ftp aix5.1-ml01
    Connected to aix.machine.com.
    220 aix5.1 FTP server (Version 4.1 Tue May 29 11:57:21 CDT 2001) ready.
    Name (aix5.1:alexm):
    331 Password required for alexm.
    Password:
    230 User alexm logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> ls ~{
    227 Entering Passive Mode (10,0,32,2,128,211)
    550 Unknown user name after ~
    ftp> ls ~{
    150 Opening data connection for /bin/ls.
    Passive mode refused.
    ftp> ls ~{
    226 Transfer complete.
    ftp: connect: Connection refused
    ftp> ls ~{
    227 Entering Passive Mode (10,0,32,2,128,212)
    227 Entering Passive Mode (10,0,32,2,128,213)
    ftp> ls ~{
    227 Entering Passive Mode (10,0,32,2,128,214)
    550 Unknown user name after ~
    ftp> ls ~{
    150 Opening data connection for /bin/ls.
    Passive mode refused.
    ftp> ls ~{
    226 Transfer complete.
    ftp: connect: Connection refused
    ftp> ls ~{
    227 Entering Passive Mode (10,0,32,2,128,215)
    550 Unknown user name after ~
    ftp> ls ~{
    150 Opening data connection for /bin/ls.
    Passive mode refused.
    ftp> ls ~{
    226 Transfer complete.
    ftp: connect: Connection refused
    
    moreover, after running "ls ~{" once and getting any error message --> you
    can not run any commands and will get a connection refused message. after
    several attempts the functionality restores. Example:
    
    ftp> ls
    227 Entering Passive Mode (10,0,32,2,128,250)
    150 Opening data connection for /bin/ls.
    total 46797
    -rw-------   1 root     system           15 Nov 07 14:38 .bash_history
    -rwxr-----   1 alexm    staff           254 Nov 07 14:02 .profile
    -rw-------   1 alexm    staff          1458 Nov 08 10:10 .sh_history
    drwx------   2 alexm    staff           512 Nov 07 14:04 .ssh
    drwxr-xr-x  28 alexm    staff          3584 Nov 08 08:35 perl-5.6.1
    -rw-r--r--   1 alexm    staff      23951360 Nov 07 14:04 stable.tar
    226 Transfer complete.
    ftp> ls ~{
    227 Entering Passive Mode (10,0,32,2,128,251)
    550 Unknown user name after ~
    ftp> ls
    150 Opening data connection for /bin/ls.
    Passive mode refused.
    ftp> ls
    226 Transfer complete.
    ftp: connect: Connection refused
    ftp> ls
    227 Entering Passive Mode (10,0,32,2,128,252)
    150 Opening data connection for /bin/ls.
    total 46797
    -rw-------   1 root     system           15 Nov 07 14:38 .bash_history
    -rwxr-----   1 alexm    staff           254 Nov 07 14:02 .profile
    -rw-------   1 alexm    staff          1458 Nov 08 10:10 .sh_history
    drwx------   2 alexm    staff           512 Nov 07 14:04 .ssh
    drwxr-xr-x  28 alexm    staff          3584 Nov 08 08:35 perl-5.6.1
    -rw-r--r--   1 alexm    staff      23951360 Nov 07 14:04 stable.tar
    226 Transfer complete.
    
    i did not have time to mess with it enough,
    just thought it was interesting (hi, troy :) )
    
    -alexm
    __________________________________________
    panic("Aiee, killing interrupt handler!");
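
An added example, not part of the original post: a small Python checker that walks an `ftp` client transcript like the one above and flags each passive-mode `ls` whose control-channel replies are out of sequence (expected `227`, then `150` and `226`, or an error reply). The function names are this example's own, and the sample is abridged from the second session in the post, with the file listing dropped.

```python
import re

REPLY = re.compile(r"^(\d{3})[ -]")   # FTP control-channel reply line
PROMPT = "ftp> "                      # client prompt as it appears in the transcript

def parse_exchanges(transcript):
    """Group reply codes under the command that preceded them."""
    exchanges = []
    for n, raw in enumerate(transcript.splitlines(), 1):
        line = raw.strip()
        if line.startswith(PROMPT):
            exchanges.append((n, line[len(PROMPT):], []))
        elif exchanges and (m := REPLY.match(line)):
            exchanges[-1][2].append(int(m.group(1)))
    return exchanges

def ls_replies_ok(codes):
    """Accept 227,150,226 or 227 followed by (optionally 150 and) a 4xx/5xx reply."""
    if codes[:1] != [227]:
        return False
    rest = codes[1:]
    if rest == [150, 226]:
        return True
    return bool(rest) and rest[-1] >= 400 and rest[:-1] in ([], [150])

def find_desync(transcript):
    """Return (line_no, command, codes) for each ls/dir with out-of-sequence replies."""
    return [(n, cmd, codes) for n, cmd, codes in parse_exchanges(transcript)
            if cmd.split()[0] in ("ls", "dir") and not ls_replies_ok(codes)]

# Abridged from the session quoted in the post (listing lines dropped).
SAMPLE = """\
ftp> ls ~{
227 Entering Passive Mode (10,0,32,2,128,251)
550 Unknown user name after ~
ftp> ls
150 Opening data connection for /bin/ls.
Passive mode refused.
ftp> ls
226 Transfer complete.
ftp: connect: Connection refused
ftp> ls
227 Entering Passive Mode (10,0,32,2,128,252)
150 Opening data connection for /bin/ls.
226 Transfer complete.
"""

if __name__ == "__main__":
    for n, cmd, codes in find_desync(SAMPLE):
        print(f"line {n}: '{cmd}' got replies {codes}")
```

On the sample it reports the two plain `ls` commands that follow `ls ~{`; the `ls ~{` itself passes because `227` followed by `550` is a well-formed error exchange.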
    



    This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 18:13:05 PST