From owner-freebsd-bugs Mon Aug 6 6:50: 9 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id AB34837B403 for ; Mon, 6 Aug 2001 06:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.11.4/8.11.4) id f76Do1I23699; Mon, 6 Aug 2001 06:50:01 -0700 (PDT) (envelope-from gnats)
Received: from mgate11.so-net.ne.jp (mgate11.so-net.ne.jp [210.139.254.158]) by hub.freebsd.org (Postfix) with ESMTP id 4046F37B405 for ; Mon, 6 Aug 2001 06:45:43 -0700 (PDT) (envelope-from ipfw@ya3.so-net.ne.jp)
Received: from mail.ya3.so-net.ne.jp (mspool11.so-net.ne.jp [210.139.248.11]) by mgate11.so-net.ne.jp (8.9.3/3.7W01060506) with ESMTP id WAA22662 for ; Mon, 6 Aug 2001 22:45:42 +0900 (JST)
Received: from localhost (pdf4a47.kngwnt01.ap.so-net.ne.jp [202.223.74.71]) by mail.ya3.so-net.ne.jp with ESMTP id f76DjeX26619 for ; Mon, 6 Aug 2001 22:45:41 +0900 (JST)
Message-Id: <20010806224917T.koya@pluto.math.yokohama-cu.ac.jp>
Date: Mon, 06 Aug 2001 22:49:17 +0900
From: Yoshihiro Koya
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.113
Subject: bin/29487: ftpd leaks password typed as username by mistake
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

>Number: 29487
>Category: bin
>Synopsis: ftpd leaks password typed as username by mistake
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 06 06:50:01 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Yoshihiro Koya
>Release: FreeBSD 4.4-PRERELEASE i386
>Organization: Yokohama City Univ., Dept. of Math. Sci.
>Environment:
System: FreeBSD presario.my.domain 4.4-PRERELEASE FreeBSD 4.4-PRERELEASE #0: Mon Aug 6 18:00:24 JST 2001 root@presario.my.domain:/usr/obj/usr/src/sys/presario i386
ftpd.c: $FreeBSD: src/libexec/ftpd/ftpd.c,v 1.62.2.10 2001/07/19 05:44:08 dd Exp $
>Description:
It might quite often happen that one types the password instead of the username into ftp clients by mistake. In that case, ftpd(8) on FreeBSD logs the usernames into /var/log/messages as follows:

Aug 6 22:19:28 presario ftpd[814]: FTP LOGIN FAILED FROM localhost, mypass

On the other hand, every user on the system can access /var/log/messages. It might cause security related problems.
>How-To-Repeat:
Type your password as a username to ftp. And check your /var/log/messages.
>Fix:
Index: ftpd.c
===================================================================
RCS file: /home/ncvs/src/libexec/ftpd/ftpd.c,v
retrieving revision 1.62.2.10
diff -u -r1.62.2.10 ftpd.c
--- ftpd.c	2001/07/19 05:44:08	1.62.2.10
+++ ftpd.c	2001/08/06 13:34:11
@@ -1228,9 +1228,15 @@ if (rval) { reply(530, "Login incorrect."); if (logging) - syslog(LOG_NOTICE, - "FTP LOGIN FAILED FROM %s, %s", - remotehost, curname); + if (getpwnam(curname)){ + syslog(LOG_NOTICE, + "FTP LOGIN FAILED FROM %s, %s", + remotehost, curname); + } else { + syslog(LOG_NOTICE, + "FTP LOGIN FAILED FROM %s, (unknown user)", + remotehost); + } pw = NULL; if (login_attempts++ >= 5) { syslog(LOG_NOTICE, >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
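Review bot: the new `if (getpwnam(curname)) { ... } else { ... }` becomes the unbraced body of the existing `if (logging)`; the `else` does bind to the inner `if` because that `if` is braced, but wrapping the whole inner if/else in braces under `if (logging) {` makes the intent explicit and matches the file's brace style (also add the space in `if (getpwnam(curname)) {`, as in `if (rval) {`). Two points to check before committing: the `login_attempts++ >= 5` branch at the bottom of the hunk issues its own `syslog(LOG_NOTICE, ...)`, so confirm that message does not also include `curname`, or the mistyped password still reaches /var/log/messages through that path; and a `getpwnam()` failure for any reason other than a non-existent account (for example a directory service being unreachable) will now log a real user as `(unknown user)`, which is the safer direction but worth a sentence in the commit message since it changes what the failed-login record contains.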
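A defender-side check that follows from the report, added here as an example and not part of the bug report or of FreeBSD's ftpd: it scans existing /var/log/messages lines for the `FTP LOGIN FAILED FROM` message, applies the same test the proposed fix applies (is the logged name a real account?), and redacts the rest so credentials that were already written can be scrubbed from the log. The sample log lines and the `KNOWN_USERS` set are constructed; the set stands in for getpwnam(3) so the script runs offline.

```python
import re
from typing import Iterable, List, Tuple

# Constructed sample of /var/log/messages content (not taken from the report);
# the second line mimics the leak described: a password typed as the username.
SAMPLE_LOG = """\
Aug  6 22:18:02 presario ftpd[811]: FTP LOGIN FAILED FROM localhost, koya
Aug  6 22:19:28 presario ftpd[814]: FTP LOGIN FAILED FROM localhost, mypass
Aug  6 22:20:05 presario ftpd[820]: FTP LOGIN FROM localhost as koya
Aug  6 22:21:40 presario ftpd[831]: FTP LOGIN FAILED FROM 192.0.2.10, root
"""

# Accounts that exist on the host (constructed); stands in for getpwnam(3).
KNOWN_USERS = {"root", "koya", "ftp"}

# syslog pads the day of month, so allow one or more spaces after the month.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) ftpd\[(?P<pid>\d+)\]: "
    r"FTP LOGIN FAILED FROM (?P<remote>[^,]+), (?P<name>.*)$"
)


def classify(line: str, known_users=KNOWN_USERS) -> Tuple[str, str]:
    """Return (verdict, line_after_redaction).

    verdict is "ok" for lines that are not ftpd login failures, "user" when the
    logged name is a real account, and "leak" when it is not (most likely a
    password or other secret typed into the username prompt).
    """
    m = FAILED_RE.match(line.rstrip("\n"))
    if m is None:
        return "ok", line
    if m.group("name") in known_users:
        return "user", line
    # Same policy as the proposed ftpd change: keep the event, drop the name.
    redacted = line[: m.start("name")] + "(unknown user)" + line[m.end("name"):]
    return "leak", redacted


def scrub(lines: Iterable[str], known_users=KNOWN_USERS) -> Tuple[List[str], int]:
    """Scrub a whole log; return (cleaned lines, number of redacted entries)."""
    out, leaks = [], 0
    for line in lines:
        verdict, fixed = classify(line, known_users)
        leaks += verdict == "leak"
        out.append(fixed)
    return out, leaks


if __name__ == "__main__":
    cleaned, n = scrub(SAMPLE_LOG.splitlines(keepends=True))
    print("".join(cleaned), end="")
    print(f"redacted {n} line(s)")
```

Run it against a copy of the real log, not in place, and keep the redacted count so the scrub itself is auditable.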