[Vulnerable] Multiple vendors FTP «pipe»

14/06/2004 - 14:22 by Ille Corvus
Multiple Vendor FTP pipe Vulnerability
http://www.securityfocus.com/bid/396/info/


There is a feature implementation in a number of ftp clients shipped
with unix operating systems that may be a security threat.

This issue has to do with handling filenames when the user is
specifying files to be retrieved from an ftp server.

If the filename begins with a '|' character, the client will execute
the following characters in the filename as shell commands.

The command execution is the result of the client misinterpreting the
user-input.

An attacker may be able to exploit this if files can be placed on the
server with '|' characters in the filename. The victim would then have
to attempt to retrieve the files.


Most vendors have already released a patch.
http://www.securityfocus.com/bid/396/solution/


Deserving of filtering (global kill-file):
tella llop, jm (N.B. 2003.10.25)


"Proprietary software will be only for those who can pay for it."
"Free software is for all of Humanity."
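
The decision the quoted advisory describes, as an added example that is not part of the original post and is not any vendor's client code: a legacy check that treats every name starting with '|' as a command, next to a hardened check that tracks who supplied the name. All function and type names, and the sample file names, are assumptions made for illustration; nothing here executes a command.

```c
#include <stdio.h>
#include <string.h>

enum origin { FROM_USER, FROM_SERVER };   /* who supplied the local name */
enum sink   { SINK_FILE, SINK_PIPE, SINK_REJECT };

/* Behaviour the advisory describes: any name starting with '|' is
 * treated as a command, whoever supplied it. */
enum sink legacy_sink(const char *name)
{
    return name[0] == '|' ? SINK_PIPE : SINK_FILE;
}

/* Hardened decision (hypothetical): only a name the user typed may select
 * the pipe. A server-derived name is a plain file, or is rejected. */
enum sink hardened_sink(const char *name, enum origin from)
{
    if (name == NULL || name[0] == '\0')
        return SINK_REJECT;
    if (name[0] == '|')
        return from == FROM_USER ? SINK_PIPE : SINK_REJECT;
    return SINK_FILE;
}

/* Alternative to rejecting: rewrite a server-derived name so that its
 * first byte can never be '|'. Returns 0 on success, -1 on error. */
int neutralize_name(const char *remote, char *out, size_t outlen)
{
    int n;
    if (remote == NULL || remote[0] == '\0' || out == NULL)
        return -1;
    n = snprintf(out, outlen, "./%s", remote);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample names, as a server listing might return them. */
    const char *names[] = { "report.txt", "|placeholder-command", "a|b" };
    char buf[64];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        neutralize_name(names[i], buf, sizeof buf);
        printf("%-22s legacy=%d hardened=%d rewritten=%s\n", names[i],
               legacy_sink(names[i]),
               hardened_sink(names[i], FROM_SERVER), buf);
    }
    return 0;
}
```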
 


#1 Anonimo
14/06/2004 - 21:52
M$ hasn't released a patch, how odd, no? hahahaha
