• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Multiple Vendor FTP Conversion Vulnerability

Severity: MODERATE

Description:

Some FTP servers provide a "conversion" service that pipes a requested file through a program, for example a decompression utility such as "tar", before it is passed to the remote user. Under some configurations where this is enabled a remote user can pass a filename beginning with a minus sign to FTP, which will pass this as an argument to the compression/archiver program (where it will be erroneously treated as a command line argument other than a filename). It may be possible to exploit this and execute commands on a remote machine. An example of this exploits the "--use-compress-program PROG" parameter passed to tar; if PROG refers to a program that is accessible to the FTP server, it will be executed. The remote user must have access to a writeable directory in order to exploit this. See exploit for details.

Affected Products:

• Caldera OpenLinux 2.3.0
• Caldera OpenLinux 2.4.0
• Caldera OpenLinux Desktop 2.3.0
• Caldera OpenLinux Server 3.1.0
• Cobalt Qube 1.0.0
• Compaq Tru64 4.0.0 B
• Compaq Tru64 4.0.0 D
• Compaq Tru64 4.0.0 d PK9 (BL17)
• Compaq Tru64 4.0.0 e
• Compaq Tru64 4.0.0 f
• Compaq Tru64 4.0.0 f PK6 (BL17)
• Compaq Tru64 4.0.0 f PK7 (BL18)
• Compaq Tru64 4.0.0 g
• Compaq Tru64 4.0.0 g PK3 (BL17)
• Compaq Tru64 5.0.0
• Compaq Tru64 5.0.0 PK4 (BL17)
• Compaq Tru64 5.0.0 PK4 (BL18)
• Compaq Tru64 5.0.0 a
• Compaq Tru64 5.0.0 a PK3 (BL17)
• Compaq Tru64 5.0.0 f
• Compaq Tru64 5.1.0
• Compaq Tru64 5.1.0 B
• Compaq Tru64 5.1.0 PK3 (BL17)
• Compaq Tru64 5.1.0 PK4 (BL18)
• Compaq Tru64 5.1.0 PK5 (BL19)
• Compaq Tru64 5.1.0 PK6 (BL20)
• Compaq Tru64 5.1.0 a
• Compaq Tru64 5.1.0 a PK1 (BL1)
• Compaq Tru64 5.1.0 a PK2 (BL2)
• Compaq Tru64 5.1.0 a PK3 (BL3)
• Compaq Tru64 5.1.0 a PK4 (BL21)
• Compaq Tru64 5.1.0 a PK5 (BL23)
• Compaq Tru64 5.1.0 b PK1 (BL1)
• Compaq Tru64 5.1.0 b PK2 (BL22)
• Conectiva Linux 4.0.0
• Conectiva Linux 4.0.0 es
• Conectiva Linux 4.1.0
• Conectiva Linux 4.2.0
• Conectiva Linux 5.0.0
• Conectiva Linux 5.1.0
• Conectiva Linux 6.0.0
• Conectiva Linux 7.0.0
• Conectiva Linux 8.0.0
• Conectiva Linux 9.0.0
• Debian Linux 2.2.0
• Debian Linux 2.2.0 68k
• Debian Linux 2.2.0 alpha
• Debian Linux 2.2.0 arm
• Debian Linux 2.2.0 powerpc
• Debian Linux 2.2.0 sparc
• Debian Linux 3.0.0
• Debian Linux 3.0.0 alpha
• Debian Linux 3.0.0 arm
• Debian Linux 3.0.0 hppa
• Debian Linux 3.0.0 ia-32
• Debian Linux 3.0.0 ia-64
• Debian Linux 3.0.0 m68k
• Debian Linux 3.0.0 mips
• Debian Linux 3.0.0 mipsel
• Debian Linux 3.0.0 ppc
• Debian Linux 3.0.0 s/390
• Debian Linux 3.0.0 sparc
• HP HP-UX 11.0.0
• HP HP-UX 11.11.0
• MandrakeSoft Corporate Server 1.0.1
• MandrakeSoft Linux Mandrake 6.0.0
• MandrakeSoft Linux Mandrake 6.1.0
• MandrakeSoft Linux Mandrake 7.0.0
• MandrakeSoft Linux Mandrake 7.1.0
• MandrakeSoft Linux Mandrake 7.2.0
• MandrakeSoft Linux Mandrake 8.0.0
• MandrakeSoft Linux Mandrake 8.0.0 ppc
• MandrakeSoft Linux Mandrake 8.1.0
• MandrakeSoft Linux Mandrake 8.2.0
• MandrakeSoft Linux Mandrake 8.2.0 ppc
• RedHat Linux 5.2.0 alpha
• RedHat Linux 5.2.0 i386
• RedHat Linux 5.2.0 sparc
• RedHat Linux 6.0.0
• RedHat Linux 6.0.0 alpha
• RedHat Linux 6.0.0 sparc
• RedHat Linux 6.1.0 alpha
• RedHat Linux 6.1.0 i386
• RedHat Linux 6.1.0 sparc
• RedHat Linux 6.2.0 alpha
• RedHat Linux 6.2.0 i386
• RedHat Linux 6.2.0 sparc
• RedHat Linux 7.0.0 alpha
• RedHat Linux 7.0.0 i386
• RedHat Linux 7.0.0 sparc
• RedHat Linux 7.1.0 alpha
• RedHat Linux 7.1.0 i386
• RedHat Linux 7.1.0 i586
• RedHat Linux 7.1.0 i686
• RedHat Linux 7.1.0 ia64
• RedHat Linux 7.1.0 noarch
• RedHat Linux 7.2.0 alpha
• RedHat Linux 7.2.0 athlon
• RedHat Linux 7.2.0 i386
• RedHat Linux 7.2.0 i586
• RedHat Linux 7.2.0 i686
• RedHat Linux 7.2.0 ia64
• RedHat Linux 7.2.0 noarch
• S.u.S.E. Linux 6.1.0
• S.u.S.E. Linux 6.1.0 alpha
• S.u.S.E. Linux 6.2.0
• S.u.S.E. Linux 6.3.0
• S.u.S.E. Linux 6.3.0 alpha
• S.u.S.E. Linux 6.3.0 ppc
• S.u.S.E. Linux 6.4.0
• S.u.S.E. Linux 6.4.0 alpha
• S.u.S.E. Linux 6.4.0 ppc
• S.u.S.E. Linux 7.0.0 alpha
• S.u.S.E. Linux 7.0.0 i386
• S.u.S.E. Linux 7.0.0 ppc
• S.u.S.E. Linux 7.0.0 sparc
• S.u.S.E. Linux 7.1.0 alpha
• S.u.S.E. Linux 7.1.0 ppc
• S.u.S.E. Linux 7.1.0 sparc
• S.u.S.E. Linux 7.1.0 x86
• S.u.S.E. Linux 7.2.0 i386
• S.u.S.E. Linux 7.3.0 i386
• S.u.S.E. Linux 7.3.0 ppc
• S.u.S.E. Linux 7.3.0 sparc
• SCO Open Server 5.0.0
• SCO Open Server 5.0.1
• SCO Open Server 5.0.2
• SCO Open Server 5.0.3
• SCO Open Server 5.0.4
• SCO Open Server 5.0.5
• SCO Open Server 5.0.6
• SCO Open Server 5.0.6 a
• SCO Open Server 5.0.7
• SCO eDesktop 2.4.0
• SCO eServer 2.3.0
• SCO eServer 2.3.1
• Sun Linux 5.0.7
• Turbolinux Turbolinux 4.0.0
• Turbolinux Turbolinux 6.0.0
• Turbolinux Turbolinux 6.0.1
• Turbolinux Turbolinux 6.0.2
• Turbolinux Turbolinux 6.0.3
• Turbolinux Turbolinux 6.0.4
• Turbolinux Turbolinux 6.0.5
• Turbolinux Turbolinux Advanced Server 6.0.0
• Turbolinux Turbolinux Server 6.1.0
• Turbolinux Turbolinux Workstation 6.0.0
• Turbolinux Turbolinux Workstation 6.1.0
• Washington University wu-ftpd 2.4.2 (beta 18) VR4
• Washington University wu-ftpd 2.5.0 .0
• Washington University wu-ftpd 2.6.0 .0
• Washington University wu-ftpd 2.6.1
• Washington University wu-ftpd 2.6.2
• WireX Immunix OS 6.2.0
• WireX Immunix OS 7+
• WireX Immunix OS 7.0.0
• WireX Immunix OS 7.0.0 -Beta
• anonFTP anonFTP 3.0.0

References:

• SecuriTeam: SecuriTeam Home Page

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.