[12264] in bugtraq


Re: The old "." problem

daemon@ATHENA.MIT.EDU (S.Faust)
Mon Oct 18 14:08:52 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id:  <002f01bf1832$e6e2d500$e6dec818@datasurge.net>
Date:         Sat, 16 Oct 1999 20:02:27 -0400
Reply-To: "S.Faust" <sfaust@ISI-MTL.COM>
From: "S.Faust" <sfaust@ISI-MTL.COM>
X-To:         nblasgen@NICK.REFRACT.COM, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

What version of Serv-U did you test?
On my side, with the latest version (as of 16/10/99),
it didn't work.

Log :

C:\TEMP\test>ftp slaughter
Connected to slaughter.
220 Serv-U FTP-Server v2.5a for WinSock ready...
User (slaughter:(none)): test
331 User name okay, need password.
Password:
230 User logged in, proceed.
ftp> cd test
250 Directory changed to /c:/ftp/test
ftp> ls -l
200 PORT Command successful.
150 Opening ASCII mode data connection for /bin/ls.
-rwx------   1 user     group           0 Oct 16 19:50 servu-ftpd-dot-test.txt
226 Transfer complete.
80 bytes received in 0.00 seconds (80000.00 Kbytes/sec)
ftp> get servu-ftpd-dot-test.txt
200 PORT Command successful.
550 Permission denied.
ftp> get servu-ftpd-dot-test.txt.
200 PORT Command successful.
550 Permission denied.
ftp> get servu-ftpd-dot-test.txt..
200 PORT Command successful.
550 Permission denied.
ftp> get servu-ftpd-dot-test.txt.......................................
200 PORT Command successful.
550 Permission denied.
ftp>

----- Original Message -----
From: <nblasgen@NICK.REFRACT.COM>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Wednesday, October 13, 1999 6:31 PM
Subject: The old "." problem


> A while back there was the problem of Windows HTTP servers with CGI and
> other server parsed pages (ASF, SMX, etc) if you added a "." to the end it
> would give you the raw code in TEXT format.  I understand how that was a
> security problem.
>
> Just noticed that the same problem is true for at least one Windows FTP
> server, Serv-U.  I can't find a problem with being able to request files
> with an extra "." at the end.  I was unable to test the idea of downloading
> files that I had no permissions to.
>
> Nicholas Blasgen
> Refract, LLC
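
The check the thread is probing, as an added example that is not part of either message and is not Serv-U's or any web server's code: Win32 drops trailing dots and spaces from a file name when it opens the file, so a rule matched against the raw request string and the file actually opened can disagree. The handler table, deny list and paths are constructed for illustration, and `win32_canonical` is a hypothetical helper that only approximates that normalization.

```python
import posixpath

# Constructed sample rules (assumptions, not taken from any real server).
SCRIPT_EXTENSIONS = {".asp", ".cgi", ".pl"}          # must be executed, never sent raw
DENIED_FILES = {"/test/servu-ftpd-dot-test.txt"}     # per-file deny rule


def win32_canonical(path):
    """Approximate the name Win32 will open: trailing dots and spaces of
    each component are dropped and case is ignored."""
    parts = []
    for part in path.replace("\\", "/").split("/"):
        if part == "":
            continue
        stripped = part.rstrip(". ")
        if stripped == "":
            # ".", ".." and "..." style components are refused outright.
            raise ValueError("dot-only path component: %r" % part)
        parts.append(stripped.lower())
    return "/" + "/".join(parts)


def naive_is_script(path):
    # Raw-string decision: "login.asp." has extension ".", so the request
    # falls through to the static-file handler and the source is sent as text.
    return posixpath.splitext(path)[1].lower() in SCRIPT_EXTENSIONS


def naive_is_denied(path):
    # Raw-string decision: "file.txt." is not literally in the deny list.
    return path in DENIED_FILES


def safe_is_script(path):
    # Decide on the same name the file system will resolve.
    return posixpath.splitext(win32_canonical(path))[1] in SCRIPT_EXTENSIONS


def safe_is_denied(path):
    return win32_canonical(path) in DENIED_FILES


if __name__ == "__main__":
    for req in ("/test/servu-ftpd-dot-test.txt", "/test/servu-ftpd-dot-test.txt.",
                "/test/servu-ftpd-dot-test.txt......."):
        print(req, "naive denied:", naive_is_denied(req), "safe denied:", safe_is_denied(req))
    for req in ("/app/login.asp", "/app/login.asp."):
        print(req, "naive script:", naive_is_script(req), "safe script:", safe_is_script(req))
```

In the log above, Serv-U v2.5a answered 550 for every dotted variant, which is the result the canonical check gives.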
