[10865] in bugtraq
Re: Bug in MS FTP 4.0
daemon@ATHENA.MIT.EDU (Michael Howard)
Mon Jun 21 13:14:54 1999
Message-Id: <BBE1B65AF746D111868B00805FFEEF64159C75A1@RED-MSG-53>
Date: Fri, 18 Jun 1999 12:05:07 -0700
Reply-To: Michael Howard <mikehow@MICROSOFT.COM>
From: Michael Howard <mikehow@MICROSOFT.COM>
X-To: Geoffrey.Cleaves@CNALIFE.COM
To: BUGTRAQ@NETSPACE.ORG
I'll chase it up - we do cache the file, but we should be getting a notify
from the file system and flushing the cache. What service pack of NT are you
using?
Cheers, MH
IIS Security PM
-----Original Message-----
From: Geoffrey Cleaves [mailto:Geoffrey.Cleaves@CNALIFE.COM]
Sent: Wednesday, June 16, 1999 1:42 PM
To: BUGTRAQ@NETSPACE.ORG
Subject: Bug in MS FTP 4.0
Could somebody please corroborate a bug that has been giving me problems and
I believe could be a security concern:
With a password that allows deleting and downloading, I have been able to
make files located on the FTP Server Version 4.0 undeletable except by
restarting the server (according to my wonderful IT department). What I do
is very simple. Using a client, I start downloading any file and while that
is taking place, I delete the same from the server also using the client.
The log tells me the delete is successful, but when refreshing the server
the file is still there. When trying to delete the file again I get a
message saying Access Denied. Remember, I have delete authority.
When I call my brilliant IT department that administers the server they tell
me the file does not exist. Apparently, it is not on the hard drive but
still in memory and can still be downloaded via FTP (just not deleted).
Wouldn't this mean that somebody could repeat what I have done continuously
until the memory is full and bring the server down?
Thanks for any help and before responding, please read my Apologies Section.
APOLOGIES
I know this list is meant for Unix issues, but I have seen many
Microsoft-related posts.
This is my first post ever to this sort of list, so sorry if it was done
poorly.
I searched for the above-described error in your archives and other places
before posting. Sorry if this is old news.