Bugtraq mailing list archives
Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client
From: madecto () COMEDIA IT (Giulio E. D. Botto)
Date: Tue, 4 Nov 1997 19:34:13 +0100
af () C4C COM wrote: [...]
Yes, but try "|sh" instead. I've included a log of what happens.BTW, I believe that this also happens on HP-UX 9.05It works on our Linux slackware as well. I suspect most ftp clients are susceptible to this "problem." I also wonder about IBM's answer:
[...]
SOLUTION: Remove the setuid bit from the "ftp" command. On our 4.2.1, ftp will not run if it is not suid. Didn't somebody test this? Andrew Green af () c4c com
I've tried with root priviledges and it successfully worked with the following OSes: HPUX 9.05 (not setuid) HPUX 9.07 " " HPUX 10.10 " " HPUX 10.20 " " Solaris 2.5.1 " " Solaris 2.6 " " AIX 3.2.5 (setuid) AIX 4.1 " NTAS 4.0 N/A BTW ... all machines were updated with the latest patches from their respective vendors. -- +---------------------------------------------------------------------+ | MadEcto, the Neuromancer aka Giulio E. D. Botto | | e-mail: madecto () comedia it snail-mail: Via Zandonai 7/C | | madecto () starlink it 20090 Pieve Emanuale | | madecto () cyberspace org Milano | | | | phones: ++39+2-80215429 (office) ++39+2-90721025 (voice) | | ++39+2-90721038 (data) ++39+347-2263553 (GSM) | +---------------------------------------------------------------------+ -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.3a mQCpAi+dEw0AAAEE4N8gfU3LpcLm4gy9SV+pC6AUnNGMRmBeuskMb8IXrZx07ePT mfpl2k4mz11pqjezO0NgeYAELEpEcxGZAfhxxEJDQN5U68QpY9hDZ0PzbF60HZ/d pfuSKmpRWwW09IZmS/tRkybMYOGz9YkAeLAIcSjtpwftlbYSUfKfHOOSrOpKWUmG eU8+tG8Uiv3BDnS/JbmuEb83ZU5JlAbvMQAFEbQ2TWFkRWN0byB0aGUgTmV1cm9t YW5jZXIgPG1hZGVjdG9AbWFlbHN0cm9tLnNhbmdyaWEuaXQ+ =KD2w -----END PGP PUBLIC KEY BLOCK-----
Current thread:
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client af () C4C COM (Nov 03)
- <Possible follow-ups>
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Lutz Donnerhacke (Nov 04)
- netapp NFS server crash by FreeBSD client [w/patch] Dmitry Kohmanyuk Дмитрий Кохманюк (Nov 05)
- simptcp hotfix renewed on 03/11/1997 Yves Kreis (Nov 05)
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Wolfgang Ley (Nov 06)
- HPSBUX9710-072 Sec. Vulnerability in CDE on HP-UX 10.[10, 20, Aleph One (Nov 06)
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Troy A. Bollinger (Nov 06)
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Giulio E. D. Botto (Nov 04)