Date: Tue, 22 May 2001 21:50:34 -0700 From: Kris Kennaway <kris@obsecurity.org> To: "Sergey N. Voronkov" <serg@tmn.ru> Cc: Kris Kennaway <kris@obsecurity.org>, freebsd-security@FreeBSD.ORG Subject: Re: Is there a ftp vuln in 4.3-STABLE Message-ID: <20010522215034.A36060@xor.obsecurity.org> In-Reply-To: <20010523100448.A15088@sv.tech.sibitex.tmn.ru>; from serg@tmn.ru on Wed, May 23, 2001 at 10:04:48AM %2B0600 References: <000501c0e316$7deb4450$45d8db40@mhx800> <Pine.BSF.4.32.0105222026040.1300-100000@magnetar.blackhatnetworks.com> <20010522193952.A33978@xor.obsecurity.org> <20010523100448.A15088@sv.tech.sibitex.tmn.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--sm4nu43k4a2Rpi4c Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, May 23, 2001 at 10:04:48AM +0600, Sergey N. Voronkov wrote: > On Tue, May 22, 2001 at 07:39:52PM -0700, Kris Kennaway wrote: > > On Tue, May 22, 2001 at 08:26:29PM -0400, Alex wrote: > > > Is this a FreeBSD specific FTP vulnerability? > > >=20 > > > -Alex > > >=20 > > > On Tue, 22 May 2001, Ryan wrote: > > >=20 > > > > There is an ftp vuln... I do not have any details on it sorry.. Som= e kinda > > > > overflow.. I would run proftpd > >=20 > > No-one has informed the security-officer about any new vulnerability > > in FreeBSD (or for that matter, about third party ftpd ports). It's > > probably worthwhile not flying into a panic until someone actually > > provides some corroborating evidence. > >=20 >=20 > When I'v found this staff in my logfiles I'v change native ftpd to luke's > one. Sorry, can't get core to you... And don't want to setup native daemon > to provide potential hole to someone. >=20 > May 16 15:50:34 ftp /kernel: pid 5272 (ftpd), uid 14: exited on signal 11 > May 17 21:02:20 ftp /kernel: pid 11157 (ftpd), uid 14: exited on signal 11 >=20 > Also I have one questtion: how to setup ftpd to allow it dumping core to > specified destination? Use the kern.corefile sysctl Kris --sm4nu43k4a2Rpi4c Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.5 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE7C0GaWry0BWjoQKURAknjAJ9rCydNeVeCHMDHMOTcG7NJiFPwnwCgvlJn 0FYHr7vjFYu1ra7XLlzbLAM= =Bwza -----END PGP SIGNATURE----- --sm4nu43k4a2Rpi4c-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010522215034.A36060>