From owner-freebsd-security Wed Aug 1 11:42:38 2001
Message-Id: <4.3.2.7.2.20010801123827.046907f0@localhost>
Date: Wed, 01 Aug 2001 12:42:04 -0600
To: "Thomas T. Veldhouse", "Maximum"
From: Brett Glass
Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE
In-Reply-To: <00fb01c11ab6$829c83b0$3028680a@tgt.com>
References: <4.3.2.7.2.20010801115333.0476d100@localhost>
Sender: owner-freebsd-security@FreeBSD.ORG

At 12:19 PM 8/1/2001, Thomas T. Veldhouse wrote:

>Somebody keeps trying to install something through my FTPd when it is setup
>to allow anonymous users (no directories available for upload either).

Ah, that's it. There was a local buffer overflow exploit in the BSD FTPd
that could be exploited by the "anonymous" user. This was fixed between
4.2-RELEASE and 4.3-RELEASE, IIRC.

--Brett