Bugtraq mailing list archives

Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client


From: madecto () COMEDIA IT (Giulio E. D. Botto)
Date: Tue, 4 Nov 1997 19:34:13 +0100


af () C4C COM wrote:
[...]
Yes, but try "|sh" instead.  I've included a log of what happens.
BTW, I believe that this also happens on HP-UX 9.05

It works on our Linux slackware as well.  I suspect most ftp
clients are susceptible to this "problem."
I also wonder about IBM's answer:
[...]

SOLUTION:         Remove the setuid bit from the "ftp" command.

On our 4.2.1, ftp will not run if it is not suid.
Didn't somebody test this?

Andrew Green
af () c4c com

I've tried with root privileges and it successfully worked with the
following OSes:

HPUX 9.05       (not setuid)
HPUX 9.07         "     "
HPUX 10.10        "     "
HPUX 10.20        "     "
Solaris 2.5.1     "     "
Solaris 2.6       "     "
AIX 3.2.5       (setuid)
AIX 4.1             "
NTAS 4.0            N/A

BTW ... all machines were updated with the latest patches from their
respective vendors.
--
+---------------------------------------------------------------------+
| MadEcto, the Neuromancer aka Giulio E. D. Botto                     |
|   e-mail: madecto () comedia it       snail-mail: Via Zandonai 7/C     |
|           madecto () starlink it                  20090 Pieve Emanuale |
|           madecto () cyberspace org               Milano               |
|                                                                     |
|   phones: ++39+2-80215429 (office)  ++39+2-90721025 (voice)         |
|           ++39+2-90721038 (data)    ++39+347-2263553 (GSM)          |
+---------------------------------------------------------------------+