[5491] in bugtraq


Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client

daemon@ATHENA.MIT.EDU (Giulio E. D. Botto)
Thu Nov 6 16:03:01 1997

Date: Tue, 4 Nov 1997 19:34:13 +0100
Reply-To: "Giulio E. D. Botto" <madecto@COMEDIA.IT>
From: "Giulio E. D. Botto" <madecto@COMEDIA.IT>
To: BUGTRAQ@NETSPACE.ORG

af@C4C.COM wrote:
[...]
> Yes, but try "|sh" instead.  I've included a log of what happens.
> > BTW, I believe that this also happens on HP-UX 9.05
>
> It works on our Linux slackware as well.  I suspect most ftp
> clients are susceptible to this "problem."
> I also wonder about IBM's answer:
[...]
>
> SOLUTION:         Remove the setuid bit from the "ftp" command.
>
> On our 4.2.1, ftp will not run if it is not suid.
> Didn't somebody test this?
>
> Andrew Green
> af@c4c.com

I've tried with root privileges and it successfully worked with the
following OSes:

HPUX 9.05       (not setuid)
HPUX 9.07         "     "
HPUX 10.10        "     "
HPUX 10.20        "     "
Solaris 2.5.1     "     "
Solaris 2.6       "     "
AIX 3.2.5       (setuid)
AIX 4.1             "
NTAS 4.0            N/A

BTW ... all machines were updated with the latest patches from their
respective vendors.
--
+---------------------------------------------------------------------+
| MadEcto, the Neuromancer aka Giulio E. D. Botto                     |
|   e-mail: madecto@comedia.it       snail-mail: Via Zandonai 7/C     |
|           madecto@starlink.it                  20090 Pieve Emanuale |
|           madecto@cyberspace.org               Milano               |
|                                                                     |
|   phones: ++39+2-80215429 (office)  ++39+2-90721025 (voice)         |
|           ++39+2-90721038 (data)    ++39+347-2263553 (GSM)          |
+---------------------------------------------------------------------+
