Bugtraq mailing list archives

Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client

From: rodriguj () DRAGO FIE US ES (Miguel Angel Rodriguez Jodar)
Date: Thu, 30 Oct 1997 21:27:27 +0100


ers () VNET IBM COM wrote:

VULNERABILITY:    The AIX ftp client interprets server provided
filenames
I.  Description

The ftp client can be tricked into running arbitrary commands supplied
by the
remote server.  When the remote file begins with a pipe symbol, the
ftp client
will process the contents of the remote file as a shell script.


On two machines running AIX 3.2.5 I've tested it, but instead of
executing the remote file, it searches for a local file with the same
name as the remote file and executes it with normal user priviledges
instead of root privilegdes.

BTW, I believe that this also happens on HP-UX 9.05

    Miguel Angel Rodriguez
    Area de Arqutectura y Tecnologia de Computadores
    Universidad de Sevilla

Current thread:

IBM-ERS Security Vulnerability Alert: The AIX ftp client ers () VNET IBM COM (Oct 29)
- <Possible follow-ups>
- Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client Miguel Angel Rodriguez Jodar (Oct 30)