In AIX 4.3.3:
220 MPN FTP server (Version 4.1 Mon Jul 26 19:58:48 CDT 1999) ready.
Name (194.194.204.77:david):
331 Password required for david.
Password:
230 User david logged in.
ftp> ls ~{
200 PORT command successful.
550 Unknown user name after ~
ftp> ls ~{
200 PORT command successful.
550 Unknown user name after ~
ftp> ls ~{
200 PORT command successful.
550 Unknown user name after ~
ftp> ls ~{
200 PORT command successful.
550 Unknown user name after ~
ftp> ls ~{
200 PORT command successful.
550 Unknown user name after ~
ftp> ls
200 PORT command successful.
150 Opening data connection for ..
.profile
.sh_history
226 Transfer complete.
ftp>
there are no problems here.
Regards
-----Original Message-----
From: alex medvedev [mailto:alexmat_private]
Sent: 29 November 2001 23:02
To: vuln-devat_private
Subject: aix ftpd
hallo,
aix ftpd does strange things when supplied the notorious globbing pattern.
although it does not crash,
if you repeatedly run "ls ~{" it produces different results:
$ ftp aix5.1-ml01
Connected to aix.machine.com.
220 aix5.1 FTP server (Version 4.1 Tue May 29 11:57:21 CDT 2001) ready.
Name (aix5.1:alexm):
331 Password required for alexm.
Password:
230 User alexm logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls ~{
227 Entering Passive Mode (10,0,32,2,128,211)
550 Unknown user name after ~
ftp> ls ~{
150 Opening data connection for /bin/ls.
Passive mode refused.
ftp> ls ~{
226 Transfer complete.
ftp: connect: Connection refused
ftp> ls ~{
227 Entering Passive Mode (10,0,32,2,128,212)
227 Entering Passive Mode (10,0,32,2,128,213)
ftp> ls ~{
227 Entering Passive Mode (10,0,32,2,128,214)
550 Unknown user name after ~
ftp> ls ~{
150 Opening data connection for /bin/ls.
Passive mode refused.
ftp> ls ~{
226 Transfer complete.
ftp: connect: Connection refused
ftp> ls ~{
227 Entering Passive Mode (10,0,32,2,128,215)
550 Unknown user name after ~
ftp> ls ~{
150 Opening data connection for /bin/ls.
Passive mode refused.
ftp> ls ~{
226 Transfer complete.
ftp: connect: Connection refused
moreover, after running "ls ~{" once and getting any error message --> you
can not run any commands and will get a connection refused message. after
several attempts the functionality restores. Example:
ftp> ls
227 Entering Passive Mode (10,0,32,2,128,250)
150 Opening data connection for /bin/ls.
total 46797
-rw------- 1 root system 15 Nov 07 14:38 .bash_history
-rwxr----- 1 alexm staff 254 Nov 07 14:02 .profile
-rw------- 1 alexm staff 1458 Nov 08 10:10 .sh_history
drwx------ 2 alexm staff 512 Nov 07 14:04 .ssh
drwxr-xr-x 28 alexm staff 3584 Nov 08 08:35 perl-5.6.1
-rw-r--r-- 1 alexm staff 23951360 Nov 07 14:04 stable.tar
226 Transfer complete.
ftp> ls ~{
227 Entering Passive Mode (10,0,32,2,128,251)
550 Unknown user name after ~
ftp> ls
150 Opening data connection for /bin/ls.
Passive mode refused.
ftp> ls
226 Transfer complete.
ftp: connect: Connection refused
ftp> ls
227 Entering Passive Mode (10,0,32,2,128,252)
150 Opening data connection for /bin/ls.
total 46797
-rw------- 1 root system 15 Nov 07 14:38 .bash_history
-rwxr----- 1 alexm staff 254 Nov 07 14:02 .profile
-rw------- 1 alexm staff 1458 Nov 08 10:10 .sh_history
drwx------ 2 alexm staff 512 Nov 07 14:04 .ssh
drwxr-xr-x 28 alexm staff 3584 Nov 08 08:35 perl-5.6.1
-rw-r--r-- 1 alexm staff 23951360 Nov 07 14:04 stable.tar
226 Transfer complete.
i did not have time to mess with it enough,
just thought it was interesting (hi, troy :) )
-alexm
__________________________________________
panic("Aiee, killing interrupt handler!");
This archive was generated by hypermail 2b30 : Fri Nov 30 2001 - 09:02:24 PST