From owner-freebsd-security Mon Jun 7 19: 5:45 1999
Delivered-To: freebsd-security@freebsd.org
Received: from apollo.backplane.com (apollo.backplane.com [209.157.86.2])
    by hub.freebsd.org (Postfix) with ESMTP id E557C1502B
    for ; Mon, 7 Jun 1999 19:04:11 -0700 (PDT)
    (envelope-from dillon@apollo.backplane.com)
Received: (from dillon@localhost)
    by apollo.backplane.com (8.9.3/8.9.1) id TAA31422;
    Mon, 7 Jun 1999 19:04:09 -0700 (PDT)
    (envelope-from dillon)
Date: Mon, 7 Jun 1999 19:04:09 -0700 (PDT)
From: Matthew Dillon
Message-Id: <199906080204.TAA31422@apollo.backplane.com>
To: Igor Roshchin
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Q.: any new ftp vulnerabilities ?
References: <199906061755.MAA03136@alecto.physics.uiuc.edu>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

:Hello!
:
:I have observed a few occasions when some people were establishing
:multiple connections to the ftp server within the last week (there is no
:anonymous access, so it should not be "by mistake").
:Usually, the logs do not indicate any attempt of login, even
:as anonymous. The frequency of connects (reported by tcpwrapper) is not too
:high, but probably indicated that those are launched by a script
:(about 25-35 connections within 2-5 minutes).
:
:I haven't seen any new security hole or DOS vulnerability in any ftpd recently
:(except the one found in February or so, regarding the realpath,
:and some similar issues, but that hole would not require multiple
:connects), so I wonder if anybody has observed anything similar,
:and if anybody knows of any new vulnerability ?
:
:IgoR
:
:PS. The machine is running 2.2.7 and wu-ftpd-2.4.2v17.

There was a login overflow root exploit w/ anonymous FTP but I think it
was fixed in v16. However, since I left BEST I haven't been keeping up
with wu-ftpd bugs so I do not know if any new problems have occurred.

I do seem to recall that the *new* version of wu-ftpd ( 3.x or something
like that ) introduced a bunch of new exploitable holes which they then
scrambled to close. Doh!

There was also a recent hole found on Linux boxes due to the implementation
of a directory pathing routine in libc, but FreeBSD's version of the
routine is not vulnerable.

-Matt
Matthew Dillon