HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Big FTP bug with 11.0 ... is this new?
Operating System - HP-UX
1833780
Members
2627
Online
110063
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2004 10:27 AM
12-02-2004 10:27 AM
Hello
We just found a huge ftp bug in our system.
It seems that if log in though your web browser like so.
ftp:// yourftpuser:yourpassword@home.mydomain.com
contains a space after //
you log into your home directory.
ftp://yourftpuser:yourpassword@home.mydomain.com
does not have a space after //
well to put it short when you put the spage after the // you have root acess to the whole system.
Any ideas?
Richard
We just found a huge ftp bug in our system.
It seems that if log in though your web browser like so.
ftp:// yourftpuser:yourpassword@home.mydomain.com
contains a space after //
you log into your home directory.
ftp://yourftpuser:yourpassword@home.mydomain.com
does not have a space after //
well to put it short when you put the spage after the // you have root acess to the whole system.
Any ideas?
Richard
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2004 10:50 AM
12-02-2004 10:50 AM
Solution
swlist -l product | grep -i ftp
What version and vendor of ftp are we running here.
There have been several security alerts on ftp and enhancements available at http://software.hp.com
Several of the security alerts required binary upgrades.
One of the most disconcerting was the one that ignored ftpaccess file blocking root ftp access.
SEP
What version and vendor of ftp are we running here.
There have been several security alerts on ftp and enhancements available at http://software.hp.com
Several of the security alerts required binary upgrades.
One of the most disconcerting was the one that ignored ftpaccess file blocking root ftp access.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2004 10:51 AM
12-02-2004 10:51 AM
Re: Big FTP bug with 11.0 ... is this new?
What browser are you using?
I just attempted this with IE on an MS W2K server and could not get logged in with a space after the //. It just kept prompting me for a different username and password.
I may try some more tests from work tomorrow (I'm at home now) where I have more broswers loaded on my WinXP Pro machine.
Also, are you up to date on FTP patches on your machine? You might try searching the ITRC Patch DB and see what FTP patches are available.
I just attempted this with IE on an MS W2K server and could not get logged in with a space after the //. It just kept prompting me for a different username and password.
I may try some more tests from work tomorrow (I'm at home now) where I have more broswers loaded on my WinXP Pro machine.
Also, are you up to date on FTP patches on your machine? You might try searching the ITRC Patch DB and see what FTP patches are available.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-02-2004 04:36 PM
12-02-2004 04:36 PM
Re: Big FTP bug with 11.0 ... is this new?
Went to software.hp.com and upgraded to WU-FTP 2.61.
Richard
Richard
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP