Bugtraq mailing list archives

Re: security hole in mget (in ftp client)


From: mouse () RODENTS MONTREAL QC CA (der Mouse)
Date: Tue, 5 Aug 1997 12:55:27 -0400


> On most Unix platforms, when an ftp client processes an mget command,
> it does not check [...for evilness like:]  In particular, a malicious
> ftp server's NLST response might include lines such as "../.forward",
>
> Perhaps the easiest solution is to fix the ftp client to ignore lines
> in an NLST response that include a '/' character.

I rather dislike this.  It's too useful to "mget */*.??" and the like.

I'd rather see it refuse, or at least confirm, paths beginning with
"../" or including "/../".  One could argue the client should accept a
leading ../ when the user specified a leading ../, but that's probably
getting a little too frilly.  (Of course, this should all be
configurable off, but it also should default on.)

                                        der Mouse

                               mouse () rodents montreal qc ca
                     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
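The check the reply argues for, written out as an added example (this is not the BSD ftp client's code and not der Mouse's; the function and type names are hypothetical). It classifies each NLST line before mget would open a local file: a name with a ".." component that the user's own mget pattern did not license is flagged so the caller can refuse it or ask for confirmation, while a plain "sub/file.cc" from "mget */*.??" passes. It goes slightly beyond the two cases the reply names (leading "../", embedded "/../") by also catching a trailing "/..", a bare "..", and an absolute name, which a hostile server could use to the same effect. The one-line slash rule from the original suggestion is included only to show what it would throw away.

```c
/* Added example: classifying NLST lines before mget writes local files.
 * Not from the BSD ftp client; all names here are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum nlst_verdict {
    NLST_OK,        /* ordinary relative name: safe to fetch */
    NLST_DOTDOT,    /* a ".." component the user did not ask for: refuse or confirm */
    NLST_ABSOLUTE   /* starts with '/': the server would choose the local path */
};

/* The rule from the original report: drop any line containing a '/'.
 * Correct, but it also drops every subdirectory match of "mget *\/*.??". */
bool slash_rule_rejects(const char *name)
{
    return strchr(name, '/') != NULL;
}

/* Number of leading "../" components in p (a bare trailing ".." counts too). */
static size_t leading_dotdot(const char *p)
{
    size_t n = 0;
    while (strncmp(p, "../", 3) == 0) { n++; p += 3; }
    if (strcmp(p, "..") == 0) n++;
    return n;
}

/* True if any path component of p is "..": covers the post's leading "../"
 * and embedded "/../", plus a trailing "/.." and a bare "..". */
static bool has_dotdot(const char *p)
{
    size_t len = strlen(p);
    if (strcmp(p, "..") == 0 || strncmp(p, "../", 3) == 0) return true;
    if (strstr(p, "/../") != NULL) return true;
    return len >= 3 && strcmp(p + len - 3, "/..") == 0;
}

/* Classify one NLST line. `pattern` is what the user typed after mget;
 * each leading "../" in it licenses one leading "../" in `name`, and
 * nothing else. Whether NLST_DOTDOT means refuse or confirm is up to the
 * caller (the reply wants that configurable, defaulting to on). */
enum nlst_verdict check_nlst_name(const char *name, const char *pattern)
{
    if (pattern == NULL) pattern = "";
    if (name[0] == '/')
        return NLST_ABSOLUTE;
    if (!has_dotdot(name))
        return NLST_OK;

    size_t allowed = leading_dotdot(pattern);
    size_t got = leading_dotdot(name);
    if (got > allowed)
        return NLST_DOTDOT;

    /* Strip the licensed prefix; whatever remains must be free of "..". */
    const char *rest = name;
    for (size_t i = 0; i < got; i++)
        rest += (strncmp(rest, "../", 3) == 0) ? 3 : 2;
    return has_dotdot(rest) ? NLST_DOTDOT : NLST_OK;
}

int main(void)
{
    /* Constructed NLST response: what a hostile server might send for "mget *". */
    static const char *const reply[] = {
        "README", "src/ftp.c", "../.forward",
        "docs/../../.rhosts", "/etc/passwd", "pub/.."
    };
    static const char *const label[] = { "ok", "dotdot", "absolute" };
    for (size_t i = 0; i < sizeof reply / sizeof reply[0]; i++)
        printf("%-22s -> %s\n", reply[i], label[check_nlst_name(reply[i], "*")]);
    return 0;
}
```

In the client this would sit in the mget loop, between reading a line of the NLST reply and issuing RETR for it; the pattern argument is the glob the user typed, so "mget ../pub/*" admits "../pub/x.tar" but still flags "../../etc/x" and "../pub/../x".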


