From owner-freebsd-security Tue Nov 25 17:34:33 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id RAA27695 for security-outgoing; Tue, 25 Nov 1997 17:34:33 -0800 (PST) (envelope-from owner-freebsd-security)
Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id RAA27689 for ; Tue, 25 Nov 1997 17:34:26 -0800 (PST) (envelope-from danny@panda.hilink.com.au)
Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id MAA00567; Wed, 26 Nov 1997 12:34:07 +1100 (EST)
Date: Wed, 26 Nov 1997 12:34:06 +1100 (EST)
From: "Daniel O'Callaghan"
To: warpy
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Possible problem with ftpd 6.00
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Tue, 25 Nov 1997, warpy wrote:

> This morning I noticed something I didn't think should be happening. That
> being the password being used by an anonymous user logging into ftp
> showing up in the process list. However this did not happen when I logged
> in as a normal user. Obviously there isn't much upon first glance that can
> be done to exploit it (at least I think so), but does it need to occur at
> all?
>
> Name (localhost:warpy): ftp
> 331 Guest login ok, send your email address as password.
> 951 ?? IWs 0:00.12 ftpd: localhost: anonymous/ftp@: SYST\r\n (ftpd)

Since people send their e-mail address as a password, it can be interesting
to see who is logged on. This is a feature, not a bug.

Danny
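
The process-title behaviour discussed in this thread, as an added example that is not part of the original messages and is not ftpd's own code: a Python script that reads `ps` output, lists the anonymous ftpd sessions, and marks entries where the string sent as the password is not shaped like an e-mail address. The title layout is inferred from the single `ps` line quoted above; the remaining sample lines, host names and addresses are constructed.

```python
import re

# Constructed sample of `ps` output. The first ftpd line is the one quoted in
# the message; the other lines are made up for this example.
SAMPLE_PS = r"""
  951  ??  IWs    0:00.12 ftpd: localhost: anonymous/ftp@: SYST\r\n (ftpd)
  977  ??  Ss     0:00.03 ftpd: host.example.org: anonymous/user@example.org: LIST\r\n (ftpd)
  980  ??  Is     0:00.01 ftpd: host.example.net: anonymous/guest@example.net (ftpd)
  412  ??  Is     0:00.40 sendmail: accepting connections (sendmail)
"""

# Layout assumed from the quoted line:
#   ftpd: <remote host>: anonymous/<string sent as password>[: <last command>] (ftpd)
TITLE = re.compile(
    r"^\s*(?P<pid>\d+)\s.*?\bftpd: (?P<host>\S+): anonymous/"
    r"(?P<given>.*?)(?:: (?P<cmd>.*?))?\s*\(ftpd\)\s*$"
)
# Loose shape check only (something@something); it does not validate addresses.
ADDRESS = re.compile(r"^[^@\s]+@[^@\s]+$")


def anonymous_sessions(ps_text):
    """Return one dict per anonymous ftpd process found in ps_text."""
    sessions = []
    for line in ps_text.splitlines():
        m = TITLE.match(line)
        if not m:
            continue  # not an anonymous ftpd title
        given = m.group("given")
        # ps shows the command's CR/LF as the literal characters \r\n.
        cmd = (m.group("cmd") or "").replace("\\r\\n", "").strip()
        sessions.append({
            "pid": int(m.group("pid")),
            "host": m.group("host"),
            "given": given,
            "last_command": cmd,
            # False means the client sent something other than a full address,
            # and that string is visible to every local user who can run ps.
            "address_shaped": bool(ADDRESS.match(given)),
        })
    return sessions


if __name__ == "__main__":
    for s in anonymous_sessions(SAMPLE_PS):
        flag = "" if s["address_shaped"] else "  <-- not an address"
        print(f'{s["pid"]:>6} {s["host"]:<20} {s["given"]}{flag}')
```
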