[5471] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client

daemon@ATHENA.MIT.EDU (Miguel Angel Rodriguez Jodar)
Thu Oct 30 16:27:10 1997

Date: 	Thu, 30 Oct 1997 21:27:27 +0100
Reply-To: Miguel Angel Rodriguez Jodar <rodriguj@DRAGO.FIE.US.ES>
From: Miguel Angel Rodriguez Jodar <rodriguj@DRAGO.FIE.US.ES>
To: BUGTRAQ@NETSPACE.ORG

ers@VNET.IBM.COM wrote:
> VULNERABILITY:    The AIX ftp client interprets server provided
> filenames
> I.  Description
>
> The ftp client can be tricked into running arbitrary commands supplied
> by the
> remote server.  When the remote file begins with a pipe symbol, the
> ftp client
> will process the contents of the remote file as a shell script.
>

On two machines running AIX 3.2.5 I've tested it, but instead of
executing the remote file, it searches for a local file with the same
name as the remote file and executes it with normal user priviledges
instead of root privilegdes.

BTW, I believe that this also happens on HP-UX 9.05

    Miguel Angel Rodriguez
    Area de Arqutectura y Tecnologia de Computadores
    Universidad de Sevilla


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[5471] in bugtraq

Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client

daemon@ATHENA.MIT.EDU (Miguel Angel Rodriguez Jodar)Thu Oct 30 16:27:10 1997

daemon@ATHENA.MIT.EDU (Miguel Angel Rodriguez Jodar)
Thu Oct 30 16:27:10 1997