From owner-freebsd-security Sun Jun 8 15:48:36 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id PAA20856 for security-outgoing; Sun, 8 Jun 1997 15:48:36 -0700 (PDT) Received: from implode.root.com (implode.root.com [198.145.90.17]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id PAA20850 for ; Sun, 8 Jun 1997 15:48:33 -0700 (PDT) Received: from localhost (localhost [127.0.0.1]) by implode.root.com (8.8.5/8.8.5) with SMTP id PAA00116; Sun, 8 Jun 1997 15:49:16 -0700 (PDT) Message-Id: <199706082249.PAA00116@implode.root.com> X-Authentication-Warning: implode.root.com: localhost [127.0.0.1] didn't use HELO protocol To: yossman cc: security@FreeBSD.ORG Subject: Re: ftpd security weakness on FreeBSD (fwd) In-reply-to: Your message of "Sun, 08 Jun 1997 12:17:06 EDT." From: David Greenman Reply-To: dg@root.com Date: Sun, 08 Jun 1997 15:49:16 -0700 Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk >one of my users sent me this. just wondering if anyone has heard about >this before. he claims freebsd.org is affected. ... >---------- Forwarded message ---------- >Date: Sun, 1 Jun 1997 22:14:03 +1000 >To: yossman@canweb.net >Subject: ftpd security weakness on FreeBSD > >Yoss, > >FreeBSD's ftpd has a bug (although I dont know if its a fetaure of FTP protocol >or not (maybe newer RFC's discuss it)). >Its possible to semi-hijack the ftpd into doing portscans to arbitrary >hosts/ports. A good replacement would be wu-ftp 2.4.2 beta 11 or later. There are options for disallowing PORT commands to remote ports less than 1024 (priviledged ports) or addresses other than the originator's. Enabling these options will violate the FTP RFC and might break support for ftp proxies. The options were added to FreeBSD on Aug. 5, '96. -DG David Greenman Core-team/Principal Architect, The FreeBSD Project