[Vulnerable] Multiple Vendor FTP «pipe»

14/06/2004 - 14:22 by Ille Corvus
Multiple Vendor FTP pipe Vulnerability
http://www.securityfocus.com/bid/396/info/


There is a feature implementation in a number of ftp clients shipped
with unix operating systems that may be a security threat.

This issue has to do with handling filenames when the user is
specifying files to be retrieved from an ftp server.

If the filename begins with a '|' character, the client will execute
the following characters in the filename as shell commands.

The command execution is the result of the client misinterpreting the
user-input.

An attacker may be able to exploit this if files can be placed on the
server with '|' characters in the filename. The victim would then have
to attempt to retrieve the files.


Most vendors have already released a patch.
http://www.securityfocus.com/bid/396/solution/


Deserving of Filtering (Global Kill-File):
tella llop, jm (N.B. 2003.10.25)


"Proprietary software will only be for those who can pay for it."
"Free software is for all of Humanity."
 

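An added example, not part of the original post or the quoted advisory: a mirroring script can treat server-supplied names as data, flag those that begin with '|', and write files with open() so no name ever reaches a shell. The function names, the sample listing and the `mirror` directory are assumptions made for illustration, and the basename and dot-name checks go beyond the single case the advisory describes.

```python
import os

# Constructed sample: names as a server might return them for an NLST request.
SAMPLE_LISTING = ["README", "|sh", "notes.txt", " |id", "pub/|x", "data.tar.gz"]


def is_unsafe_name(remote):
    """Return True if the server-supplied name must not be used as a local name."""
    stripped = remote.strip()
    local = os.path.basename(stripped)
    # The case from the advisory: a name that begins with '|'.
    if stripped.startswith("|") or local.startswith("|"):
        return True
    # Extra checks (assumption, beyond the advisory): empty and dot names.
    return local in ("", ".", "..")


def plan_downloads(listing, dest_dir):
    """Split a listing into (remote, local_path) pairs and flagged names."""
    dest_root = os.path.realpath(dest_dir)
    plan, flagged = [], []
    for remote in listing:
        if is_unsafe_name(remote):
            flagged.append(remote)
            continue
        local = os.path.basename(remote.strip())
        plan.append((remote, os.path.join(dest_root, local)))
    return plan, flagged


def fetch(ftp, plan):
    """Download each planned file; `ftp` is a connected ftplib.FTP object."""
    for remote, local_path in plan:
        os.makedirs(os.path.dirname(local_path), exist_ok=True)
        # open() treats the name as a path only; nothing is passed to a shell.
        with open(local_path, "wb") as fh:
            ftp.retrbinary("RETR " + remote, fh.write)


if __name__ == "__main__":
    plan, flagged = plan_downloads(SAMPLE_LISTING, "mirror")
    for name in flagged:
        print("flagged, not downloaded:", repr(name))
    for remote, local_path in plan:
        print("would fetch", remote, "->", local_path)
```

Flagged names are worth logging with the server address, since a file whose name begins with '|' on a server is itself a sign that someone may have planted it.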

#1 Anonymous
14/06/2004 - 21:52
M$ hasn't released a patch, how strange, right? hahaha
