[10861] in bugtraq
Bug in MS FTP 4.0
daemon@ATHENA.MIT.EDU (Geoffrey Cleaves)
Fri Jun 18 13:48:04 1999
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <76AC4DE725B8D211BA4E00805FE6BEFE29FD24@nashexch01.cnalife.com>
Date: Wed, 16 Jun 1999 15:41:35 -0500
Reply-To: Geoffrey.Cleaves@CNALIFE.COM
From: Geoffrey Cleaves <Geoffrey.Cleaves@CNALIFE.COM>
To: BUGTRAQ@NETSPACE.ORG
Could somebody please corroborate a bug that has been giving me problems and
I believe could be a security concern:
With a password that allows deleting and downloading, I have been able to
make files located on the FTP Server Version 4.0 undeletable except by
restarting the server (according to my wonderful IT department). What I do
is very simple. Using a client, I start downloading any file and while that
is taking place, I delete the same from the server also using the client.
The log tells me the delete is successful, but when refreshing the server
the file is still there. When trying to delete the file again I get a
message saying Access Denied. Remember, I have delete authority.
When I call my brilliant IT department that administers the server they tell
me the file does not exist. Apparently, it is not on the hard drive but
still in memory and can still be downloaded via FTP (just not deleted).
Wouldn't this mean that somebody could repeat what I have done continuously
until the memory is full and bring the server down?
Thanks for any help and before responding, please read my Apologies Section.
APOLOGIES
I know this list is meant for Unix issues, but I have seen many Microsoft
related posts.
This is my first post ever to this sort of list, so sorry if it was done
poorly.
I searched for the above described error in you archives and other places
before posting. Sorry if this is old news.
