Strange logon to FTP
Dmitri A. Doulepov (dima@MERLIN.SAMSUNG.RU)
Tue, 23 Nov 1999 12:24:40 +0300
I recently found a strange thing. It looks to me like a bug.

1. Create virtual FTP folders named /User1 and /User2 and point them to
two different physical folders.
2. Set permissions on the folders:
   a. Remove EVERYONE from both folders
   b. Add:
      /User1:
         User1: Change
         SYSTEM: Change
      /User2:
         User2: Change
         SYSTEM: Change
3. Log on as User1. You will be in the "/User1" folder. That's OK.
4. Type "cd /User2". Now you can see all the files in the /User2 folder with
the "dir" command.

Now if you remove SYSTEM from /User2 and repeat steps 3 and 4, you will
get an "Access is denied" message.

I turned on auditing, and it showed that after the "cd" command the folder
"/User2" was accessed using the SYSTEM account instead of the User1 one.

I have an NT 4 server with IIS 4 and SP5.

The problem is that a lot of sites all over the world share one physical
computer and have FTP access. If a particular site has FrontPage
installed, then it has the SYSTEM account in its list of permissions, and it
is possible to list the files in its FTP folder.

If I'm wrong, please explain how to protect folders from unauthorized access
by other users. Now I can just remove the SYSTEM account, but it will break
FrontPage...
Sincerely,
Dmitry A. Dulepov
MCSE
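The check in steps 3 and 4 of the post, automated across a set of accounts: log in as each user, "cd" into every other user's virtual directory, try a listing, and report every pair that succeeds. This is an added example, not code from the original post or from IIS. The host and credentials are placeholders; `FakeFTP` and `SAMPLE_ACLS` are a constructed offline stand-in that models the post's observation (folders granting SYSTEM are listable by any logged-in user) and is an assumption, not a description of how IIS evaluates access. Against a real server, pass `connect_real(host)` instead of `fake_connect`.

```python
"""Audit cross-user listing of IIS FTP virtual directories (added example)."""
from ftplib import FTP, error_perm


def probe_listing(ftp, path):
    """Try 'cd path' followed by a name listing.
    Returns True if the listing succeeded, False if the server refused it
    (an FTP 5xx reply such as '550 Access is denied')."""
    try:
        ftp.cwd(path)
        ftp.nlst()
        return True
    except error_perm:
        return False


def audit_cross_access(connect, accounts, vdirs):
    """Log in as every account and probe every virtual directory.
    connect(user, password) must return a logged-in ftplib.FTP-like object.
    Returns {user: {vdir: listed}}; an entry that is True for a directory
    other than the user's own home is a cross-user exposure."""
    results = {}
    for user, password in accounts:
        ftp = connect(user, password)
        try:
            results[user] = {v: probe_listing(ftp, v) for v in vdirs}
        finally:
            try:
                ftp.quit()
            except Exception:
                ftp.close()
    return results


def exposures(results, home_of):
    """Flatten audit results into sorted (user, vdir) pairs where a user
    could list a directory that is not his own home."""
    return sorted((u, v) for u, r in results.items()
                  for v, ok in r.items() if ok and v != home_of(u))


def connect_real(host):
    """Build a connect() callback for a real FTP server (placeholder host)."""
    def _connect(user, password):
        ftp = FTP(host)
        ftp.login(user, password)
        return ftp
    return _connect


class FakeFTP:
    """Constructed stand-in for the offline run. It models the post's
    observation: the server touches the target folder as SYSTEM, so any
    folder whose ACL grants SYSTEM is listable by every logged-in user."""
    def __init__(self, user, acls):
        self.user = user
        self.acls = acls
        self.cwd_path = "/" + user

    def cwd(self, path):
        granted = self.acls.get(path, set())
        if "SYSTEM" in granted or self.user in granted:
            self.cwd_path = path
        else:
            raise error_perm("550 Access is denied.")

    def nlst(self):
        return ["file.txt"]        # constructed listing

    def quit(self):
        pass

    def close(self):
        pass


# Constructed ACLs reproducing the post: /User1 and /User2 grant SYSTEM
# (the FrontPage case), /User3 has had SYSTEM removed.
SAMPLE_ACLS = {
    "/User1": {"User1", "SYSTEM"},
    "/User2": {"User2", "SYSTEM"},
    "/User3": {"User3"},
}


def fake_connect(user, password):
    return FakeFTP(user, SAMPLE_ACLS)


if __name__ == "__main__":
    accounts = [("User1", "x"), ("User2", "x"), ("User3", "x")]  # placeholders
    res = audit_cross_access(fake_connect, accounts, sorted(SAMPLE_ACLS))
    for u, v in exposures(res, lambda u: "/" + u):
        print(f"{u} can list {v}")
```

The audit deliberately records denials as well as successes, so that after removing SYSTEM from a folder (as in the post's second experiment) the same run shows the listing turning from allowed to denied.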