Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 8 Jun 1997 12:17:06 -0400 (EDT)
From:      yossman <yossman@yoss.canweb.net>
To:        security@freebsd.org
Subject:   ftpd security weakness on FreeBSD (fwd)
Message-ID:  <Pine.BSF.3.95q.970608121429.19624J-100000@yoss.canweb.net>

next in thread | raw e-mail | index | archive | help

one of my users sent me this.  just wondering if anyone has heard about
this before.  he claims freebsd.org is affected.


yossman

------------------------------------------------------------------------
Yossarian Holmberg (yossman)             yossman@canweb.net
System Administrator, National Online    http://www.canweb.net/~yossman/
my statements are my own, not my employer's -- i do not speak for them.

'... and if i die, before i learn to speak .. can money pay for all the
days i've lived awake but half asleep?' -- Primitive Radio Gods,
"Standing Outside a Broken Phone Booth With Money In My Hand"


---------- Forwarded message ----------
Date: Sun, 1 Jun 1997 22:14:03 +1000
To: yossman@canweb.net
Subject: ftpd security weakness on FreeBSD

Yoss,

FreeBSD's ftpd has a bug (although I dont know if its a fetaure of FTP protocol
or not (maybe newer RFC's discuss it)).
Its possible to semi-hijack the ftpd into doing portscans to arbitrary
hosts/ports. A good replacement would be wu-ftp 2.4.2 beta 11 or later.




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.95q.970608121429.19624J-100000>