[4714] in bugtraq
Re: SunOS 4.1.4 ftp serious bug
daemon@ATHENA.MIT.EDU (maximum entropy)
Tue Jun 17 00:03:20 1997
Date: Mon, 16 Jun 1997 18:11:17 -0400
Reply-To: maximum entropy <entropy@ZIPPY.BERNSTEIN.COM>
From: maximum entropy <entropy@ZIPPY.BERNSTEIN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199706162203.SAA07778@zippy.bernstein.com> (message from maximum
entropy on Mon, 16 Jun 1997 18:03:12 -0400 (EDT))
>From: maximum entropy <entropy@zippy.bernstein.com>
>
>>From: "Homer W. Smith" <homer@LIGHTLINK.COM>
>> [...]
>>220 light.lightlink.com FTP server (Version wu-2.4.2-academ[BETA-12](4) Mon Jun 2 21:41:50 EDT 1997) ready.
>> [...]
>
>I don't suppose you noticed you're running wu-ftpd, NOT the SunOS ftpd...
I just re-read your original message, and I see you were complaining
about ftp, not ftpd.
Anyway, your problem is that A == B, whereas in your original message
you said:
> ftp from SunOS machine A to any other machine B.
I think you will find that the original file is NOT erased if you
actually ftp to a DIFFERENT machine. The problem is in how you are
expecting a put with an absolute path name to work, which isn't how it
actually works.
In any case, even if this IS a bug (which I say it isn't), it isn't a
security problem and probably doesn't belong on bugtraq.
Cheers,
entropy
--
entropy -- it's not just a good idea, it's the second law.
