Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client

Miguel Angel Rodriguez Jodar (rodriguj@DRAGO.FIE.US.ES)
Thu, 30 Oct 1997 21:27:27 +0100

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jonathan H. Pickard: "Re: FW: Apache Fix"
Previous message: Aleph One: "FreeBSD Security Advisory: FreeBSD-SA-97:05.open"

ers@VNET.IBM.COM wrote:
> VULNERABILITY: The AIX ftp client interprets server provided
> filenames
> I. Description
>
> The ftp client can be tricked into running arbitrary commands supplied
> by the
> remote server. When the remote file begins with a pipe symbol, the
> ftp client
> will process the contents of the remote file as a shell script.
>

On two machines running AIX 3.2.5 I've tested it, but instead of
executing the remote file, it searches for a local file with the same
name as the remote file and executes it with normal user priviledges
instead of root privilegdes.

BTW, I believe that this also happens on HP-UX 9.05

Miguel Angel Rodriguez
Area de Arqutectura y Tecnologia de Computadores
Universidad de Sevilla

Next message: Jonathan H. Pickard: "Re: FW: Apache Fix"
Previous message: Aleph One: "FreeBSD Security Advisory: FreeBSD-SA-97:05.open"