Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client

Giulio E. D. Botto (madecto@COMEDIA.IT)
Tue, 04 Nov 1997 19:34:13 +0100

af@C4C.COM wrote:
[...]
> Yes, but try "|sh" instead. I've included a log of what happens.
> > BTW, I believe that this also happens on HP-UX 9.05
>
> It works on our Linux slackware as well. I suspect most ftp
> clients are susceptible to this "problem."
> I also wonder about IBM's answer:
[...]
>
> SOLUTION: Remove the setuid bit from the "ftp" command.
>
> On our 4.2.1, ftp will not run if it is not suid.
> Didn't somebody test this?
>
> Andrew Green
> af@c4c.com

I've tried with root privileges and it successfully worked with the
following OSes:

HPUX 9.05       (not setuid)
HPUX 9.07       (not setuid)
HPUX 10.10      (not setuid)
HPUX 10.20      (not setuid)
Solaris 2.5.1   (not setuid)
Solaris 2.6     (not setuid)
AIX 3.2.5       (setuid)
AIX 4.1         (setuid)
NTAS 4.0        N/A

BTW ... all machines were updated with the latest patches from their
respective vendors.

--
+---------------------------------------------------------------------+
| MadEcto, the Neuromancer aka Giulio E. D. Botto                     |
|   e-mail: madecto@comedia.it       snail-mail: Via Zandonai 7/C     |
|           madecto@starlink.it                  20090 Pieve Emanuale |
|           madecto@cyberspace.org               Milano               |
|                                                                     |
|   phones: ++39+2-80215429 (office)  ++39+2-90721025 (voice)         |
|           ++39+2-90721038 (data)    ++39+347-2263553 (GSM)          |
+---------------------------------------------------------------------+