Re: SunOS 4.1.4 ftp serious bug

maximum entropy (entropy@ZIPPY.BERNSTEIN.COM)
Mon, 16 Jun 1997 18:11:17 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Sevo Stille: "Re: Netscape Exploit"
Previous message: maximum entropy: "Re: SunOS 4.1.4 ftp serious bug"

>From: maximum entropy <entropy@zippy.bernstein.com>
>
>>From: "Homer W. Smith" <homer@LIGHTLINK.COM>
>> [...]
>>220 light.lightlink.com FTP server (Version wu-2.4.2-academ[BETA-12](4) Mon Jun 2 21:41:50 EDT 1997) ready.
>> [...]
>
>I don't suppose you noticed you're running wu-ftpd, NOT the SunOS ftpd...

I just re-read your original message, and I see you were complaining
about ftp, not ftpd.

Anyway, your problem is that A == B, whereas in your original message
you said:

> ftp from SunOS machine A to any other machine B.

I think you will find that the original file is NOT erased if you
actually ftp to a DIFFERENT machine. The problem is in how you are
expecting a put with an absolute path name to work, which isn't how it
actually works.

In any case, even if this IS a bug (which I say it isn't), it isn't a
security problem and probably doesn't belong on bugtraq.

Cheers,
entropy

--
entropy -- it's not just a good idea, it's the second law.

Next message: Sevo Stille: "Re: Netscape Exploit"
Previous message: maximum entropy: "Re: SunOS 4.1.4 ftp serious bug"