Date: Wed, 1 Aug 2001 13:44:25 -0500 From: "Thomas T. Veldhouse" <veldy@veldy.net> To: "Maximum" <m-a-x-i-m-u-m@mail.ru>, <freebsd-security@FreeBSD.ORG>, "Brett Glass" <brett@lariat.org> Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE Message-ID: <012401c11ab9$fde2dda0$3028680a@tgt.com> References: <4.3.2.7.2.20010801115333.0476d100@localhost> <4.3.2.7.2.20010801123827.046907f0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
I have been running 4.3-STABLE (as of 7-1-2001). Still exploitable then apparently. Tom Veldhouse veldy@veldy.net ----- Original Message ----- From: "Brett Glass" <brett@lariat.org> To: "Thomas T. Veldhouse" <veldy@veldy.net>; "Maximum" <m-a-x-i-m-u-m@mail.ru>; <freebsd-security@FreeBSD.ORG> Sent: Wednesday, August 01, 2001 1:42 PM Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE > At 12:19 PM 8/1/2001, Thomas T. Veldhouse wrote: > > >Somebody keeps trying to install something through my FTPd when it is setup > >to allow anonymous users (no directories available for upload either). > > Ah, that's it. There was a local buffer overflow exploit in the BSD FTPd > that could be exploited by the "anonymous" user. This was fixed between > 4.2-RELEASE and 4.3-RELEASE, IIRC. > > --Brett > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?012401c11ab9$fde2dda0$3028680a>