[Vulnerable] Varias empresas FTP «pipe »

14/06/2004 - 14:22 por Ille Corvus | Informe spam
Multiple Vendor FTP pipe Vulnerability
http://www.securityfocus.com/bid/396/info/


There is a feature implementation in a number of ftp clients shipped
with unix operating systems that may be a security threat.

This issue has to do with handling filenames when the user is
specifying files to be retrieved from an ftp server.

If the filename begins with a '|' character, the client will execute
the following characters in the filename as shell commands.

The command execution is the result of the client misinterpreting the
user-input.

An attacker may be able to exploit this if files can be placed on the
server with '|' characters in the filename. The victim would then have
to attempt to retrieve the files.


La mayoria de los fabricantes ya han sacado un parche.
http://www.securityfocus.com/bid/396/solution/


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."

Preguntas similare

Leer las respuestas

#1 Anonimo
14/06/2004 - 21:52 | Informe spam
M$ no ha sacado parche que raro no? jajajaja

Multiple Vendor FTP pipe Vulnerability
http://www.securityfocus.com/bid/396/info/


There is a feature implementation in a number of ftp


clients shipped
with unix operating systems that may be a security threat.

This issue has to do with handling filenames when the user is
specifying files to be retrieved from an ftp server.

If the filename begins with a '|' character, the client


will execute
the following characters in the filename as shell commands.

The command execution is the result of the client


misinterpreting the
user-input.

An attacker may be able to exploit this if files can be


placed on the
server with '|' characters in the filename. The victim


would then have
to attempt to retrieve the files.


La mayoria de los fabricantes ya han sacado un parche.
http://www.securityfocus.com/bid/396/solution/


Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)


"El software propietario sera solo para los que lo puedan


pagar."
"El software libre es para toda la Humanidad."
.

Respuesta Responder a este mensaje
#2 .
14/06/2004 - 21:55 | Informe spam
x-no-archive:yes
email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida