Date: Mon, 7 Jun 1999 19:04:09 -0700 (PDT)
From: Matthew Dillon <dillon@apollo.backplane.com>
To: Igor Roshchin <igor@physics.uiuc.edu>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Q.: any new ftp vulnerabilities ?
Message-ID: <199906080204.TAA31422@apollo.backplane.com>
References: <199906061755.MAA03136@alecto.physics.uiuc.edu>

:Hello!
:
:I have observed a few occasions when some people were establishing
:multiple connections to the ftp server within the last week (there is no
:anonymous access, so it should not be "by mistake").
:Usually, the logs do not indicate any attempt of login, even
:as anonymous. The frequency of connects (reported by tcpwrapper) is not too
:high, but probably indicated that those are launched by a script
:(about 25-35 connections within 2-5 minutes).
:
:I haven't seen any new security hole or DOS vulnerability in any ftpd recently
:(except the one found in February or so, regarding the realpath,
:and some similar issues, but that hole would not require multiple
:connects), so I wonder if anybody has observed anything similar,
:and if anybody knows of any new vulnerability ?
:
:IgoR
:
:PS. The machine is running 2.2.7 and wu-ftpd-2.4.2v17.

There was a login overflow root exploit w/ anonymous FTP but I think it was fixed in v16. However, since I left BEST I haven't been keeping up with wu-ftpd bugs so I do not know if any new problems have occurred.

I do seem to recall that the *new* version of wu-ftpd ( 3.x or something like that ) introduced a bunch of new exploitable holes which they then scrambled to close. Doh!

There was also a recent hole found on Linux boxes due to the implementation of a directory pathing routine in libc, but FreeBSD's version of the routine is not vulnerable.

-Matt
Matthew Dillon <dillon@backplane.com>