Ticket History #1351: ftp mget vulnerability

# Thu Feb 13 22:07:16 2003 raeburn (Ken Raeburn) - Ticket created

Download (untitled) / with headers
text/plain 374B

ftp "get" and "mget" commands treat "-" and "|foo..." specially. If get
is given only one argument, or if mget is used, and if the server
filename is "-" or starts with "|", the results will probably not be
what was intended.

Cf. CERT VU 258721, http://www.kb.cert.org/vuls/id/258721 .

Version 1.2.7 is vulnerable. Patch recommended for 1.2.7, as well as
fixing for 1.3.

# Thu Feb 13 22:08:04 2003 raeburn (Ken Raeburn) - FinalPriority changed from (no value) to '60'

# Thu Feb 13 22:08:04 2003 raeburn (Ken Raeburn) - Priority changed from (no value) to '60'

# Thu Feb 13 22:08:04 2003 raeburn (Ken Raeburn) - Component krb5-appl added

# Thu Feb 13 22:08:04 2003 raeburn (Ken Raeburn) - Version_reported 1.2.7 added

# Thu Feb 13 22:08:05 2003 raeburn (Ken Raeburn) - Target_Version 1.3 added

# Thu Feb 13 22:13:11 2003 raeburn (Ken Raeburn) - Subject changed from (no value) to '[ftp mget vulnerability'

# Thu Feb 13 22:13:46 2003 raeburn (Ken Raeburn) - Subject changed from '[ftp mget vulnerability' to 'ftp mget vulnerability'

# Mon Jun 16 15:02:06 2003 raeburn (Ken Raeburn) - Correspondence added

From:	raeburn@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 555B

* ftp.c (recvrequest): Add new argument indicating whether "-" and "|..."
special treatment should be disabled.
* ftp_var.h (recvrequest): Update declaration.
* cmds.c (remglob, ls, mls): Pass 0 as the extra argument.
(mget): Pass 1.
(getit): Pass 1 iff only one filename was supplied.

To generate a diff of this commit:

cvs diff -r1.74 -r1.75 krb5/src/appl/gssftp/ftp/ChangeLog
cvs diff -r1.22 -r1.23 krb5/src/appl/gssftp/ftp/cmds.c
cvs diff -r1.35 -r1.36 krb5/src/appl/gssftp/ftp/ftp.c
cvs diff -r1.14 -r1.15 krb5/src/appl/gssftp/ftp/ftp_var.h

# Mon Jun 16 15:31:33 2003 raeburn (Ken Raeburn) - Status changed from 'open' to 'resolved'

# Mon Jun 16 15:31:33 2003 raeburn (Ken Raeburn) - Queue changed from #8 to krb5

# Mon Jun 16 15:31:34 2003 raeburn (Ken Raeburn) - Comments added

Download (untitled) / with headers
text/plain 195B

I believe the current patches are sufficient for 1.3.

There are some potential issues with mput, but I think they're much
lower priority, not important for 1.3. I'll open a new ticket for them.

# Mon Jun 16 15:31:59 2003 raeburn (Ken Raeburn) - Tags pullup added

# Mon Jun 16 15:32:30 2003 raeburn (Ken Raeburn) - Target_Version 1.3 added

# Mon Jun 16 15:33:00 2003 raeburn (Ken Raeburn) - Component krb5-appl added

# Mon Jun 16 15:33:00 2003 raeburn (Ken Raeburn) - Version_reported 1.2.7 added

# Mon Jun 16 18:37:42 2003 tlyu (Taylor Yu) - Version_Fixed 1.3 added

# Mon Jun 16 18:37:43 2003 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	CVS Commit

Download (untitled) / with headers
text/plain 307B

pullup from trunk

To generate a diff of this commit:

cvs diff -r1.73.2.1 -r1.73.2.2 krb5/src/appl/gssftp/ftp/ChangeLog
cvs diff -r1.22 -r1.22.2.1 krb5/src/appl/gssftp/ftp/cmds.c
cvs diff -r1.35 -r1.35.2.1 krb5/src/appl/gssftp/ftp/ftp.c
cvs diff -r1.14 -r1.14.2.1 krb5/src/appl/gssftp/ftp/ftp_var.h

# Wed Dec 16 18:02:39 2015 tlyu (Taylor Yu) - CustomField pullup deleted