From owner-freebsd-security Wed Aug 1 11:46:14 2001 Delivered-To: freebsd-security@freebsd.org Received: from veldy.net (w028.z064001117.msp-mn.dsl.cnc.net [64.1.117.28]) by hub.freebsd.org (Postfix) with ESMTP id 294CD37B401 for ; Wed, 1 Aug 2001 11:46:11 -0700 (PDT) (envelope-from veldy@veldy.net) Received: from HP2500B (localhost.veldy.net [127.0.0.1]) by veldy.net (Postfix) with SMTP id 6D19CBABB; Wed, 1 Aug 2001 13:46:05 -0500 (CDT) Message-ID: <012401c11ab9$fde2dda0$3028680a@tgt.com> From: "Thomas T. Veldhouse" To: "Maximum" , , "Brett Glass" References: <4.3.2.7.2.20010801115333.0476d100@localhost> <4.3.2.7.2.20010801123827.046907f0@localhost> Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE Date: Wed, 1 Aug 2001 13:44:25 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org I have been running 4.3-STABLE (as of 7-1-2001). Still exploitable then apparently. Tom Veldhouse veldy@veldy.net ----- Original Message ----- From: "Brett Glass" To: "Thomas T. Veldhouse" ; "Maximum" ; Sent: Wednesday, August 01, 2001 1:42 PM Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE > At 12:19 PM 8/1/2001, Thomas T. Veldhouse wrote: > > >Somebody keeps trying to install something through my FTPd when it is setup > >to allow anonymous users (no directories available for upload either). > > Ah, that's it. There was a local buffer overflow exploit in the BSD FTPd > that could be exploited by the "anonymous" user. This was fixed between > 4.2-RELEASE and 4.3-RELEASE, IIRC. > > --Brett > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message