Re: IBM-ERS Security Vulnerability Alert: The AIX ftp client

Lutz Donnerhacke (lutz@TARANIS.IKS-JENA.DE)
Tue, 04 Nov 1997 08:20:05 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Dmitry Kohmanyuk =?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?=: "netapp NFS server crash by FreeBSD client [w/patch]"
Previous message: Erwin J. van Eijk: "Re: MIT Kerberos V5 R1.0.2 is released"

* af@C4C.COM wrote:
>It works on our Linux slackware as well. I suspect most ftp
>clients are susceptible to this "problem."

Tested it with
NcFTP 2.4.2:
No security problem, the file "|sh" does exists afterwards.
netkit-ftp-0.10:
Problem occurs as described.
Navigator/Communicator:
No security problem, the content of the file is displayed.

>I also wonder about IBM's answer:
>SOLUTION: Remove the setuid bit from the "ftp" command.
>
>On our 4.2.1, ftp will not run if it is not suid.
>Didn't somebody test this?

Yep. ftp does not need suid:
-rwxr-xr-x 1 root root /bin/ftp*
-rwxr-xr-x 1 root root /usr/bin/ncftp*

DFN-CERT corrected the solution of IBM. It was a false statment according to
them.

Next message: Dmitry Kohmanyuk =?KOI8-R?B?5M3J1NLJyiDrz8jNwc7Ayw==?=: "netapp NFS server crash by FreeBSD client [w/patch]"
Previous message: Erwin J. van Eijk: "Re: MIT Kerberos V5 R1.0.2 is released"