Date: Wed, 26 Nov 1997 12:34:06 +1100 (EST) From: "Daniel O'Callaghan" <danny@panda.hilink.com.au> To: warpy <warpy@suburbia.com.au> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Possible problem with ftpd 6.00 Message-ID: <Pine.BSF.3.91.971126114138.28543E-100000@panda.hilink.com.au> In-Reply-To: <Pine.BSF.3.96.971125094506.991A-100000@typhoon>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 25 Nov 1997, warpy wrote: > This morning I noticed something I didn't think should be happening. That > being the password being used by an anonymous user logging into ftp > showing up in the process list. However this did not happen when I logged > in as a normal user. Obviously there isn't much upon first glance that can > be done to exploit it (at least I think so), but does it need to occur at > all? > > Name (localhost:warpy): ftp > 331 Guest login ok, send your email address as password. > 951 ?? IWs 0:00.12 ftpd: localhost: anonymous/ftp@: SYST\r\n (ftpd) Since people send their e-mail address as a password, it can be interesting to see who is logged on. This is a feature, not a bug. Danny
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.91.971126114138.28543E-100000>