From owner-freebsd-bugs Wed Aug 30 16:30: 6 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id D00A937B440 for ; Wed, 30 Aug 2000 16:30:01 -0700 (PDT) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id QAA60389; Wed, 30 Aug 2000 16:30:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 28E5737B443; Wed, 30 Aug 2000 16:27:57 -0700 (PDT) Message-Id: <20000830232757.28E5737B443@hub.freebsd.org> Date: Wed, 30 Aug 2000 16:27:57 -0700 (PDT) From: wmd@clearLearning.com To: freebsd-gnats-submit@FreeBSD.org X-Send-Pr-Version: www-1.0 Subject: bin/20952: ftpd doesn't honor account expiration time Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 20952 >Category: bin >Synopsis: ftpd doesn't honor account expiration time >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Aug 30 16:30:01 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Malcolm Duncan >Release: 4.0 >Organization: ClearLearning >Environment: FreeBSD XXX.clearlearning.com 4.0-STABLE FreeBSD 4.0-STABLE #0: Wed Jul 19 15:11:19 EST 2000 root@XXX.clearlearning.com:/usr/src /sys/compile/CLEARLEARNING i386 >Description: If a login account has an expiration date associated with it and that date passes, ftpd still allows login. >How-To-Repeat: Change the expiration date on an account with pw(1) and you'll still be able to login via FTP. >Fix: I would assume that FTPd should check the expiration date of an account as part of its security checks. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message