Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client
Miguel Angel Rodriguez Jodar (rodriguj@DRAGO.FIE.US.ES)
Thu, 30 Oct 1997 21:27:27 +0100
ers@VNET.IBM.COM wrote:
> VULNERABILITY: The AIX ftp client interprets server provided
> filenames
> I. Description
>
> The ftp client can be tricked into running arbitrary commands supplied
> by the
> remote server. When the remote file begins with a pipe symbol, the
> ftp client
> will process the contents of the remote file as a shell script.
>
On two machines running AIX 3.2.5 I've tested it, but instead of
executing the remote file, it searches for a local file with the same
name as the remote file and executes it with normal user priviledges
instead of root privilegdes.
BTW, I believe that this also happens on HP-UX 9.05
Miguel Angel Rodriguez
Area de Arqutectura y Tecnologia de Computadores
Universidad de Sevilla