From owner-freebsd-security  Sun Jun  8 19:05:23 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id TAA27613
          for security-outgoing; Sun, 8 Jun 1997 19:05:23 -0700 (PDT)
Received: from mail.telcentral.com (mail.telcentral.com [207.211.70.7])
          by hub.freebsd.org (8.8.5/8.8.5) with SMTP id TAA27608
          for <security@FreeBSD.ORG>; Sun, 8 Jun 1997 19:05:20 -0700 (PDT)
Received: from mail.telcentral.com by mail.telcentral.com (NTMail 3.02.10) with ESMTP id la009579 for <security@FreeBSD.ORG>; Sun, 8 Jun 1997 21:05:11 -0500
Message-Id: <3.0.32.19970608210325.009c66a0@mail.telcentral.net>
X-Sender: darkstar@mail.telcentral.net
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Sun, 08 Jun 1997 21:03:28 -0400
To: dg@root.com, yossman <yossman@yoss.canweb.net>
From: Mark Rollings <darkstar@telcentral.net>
Subject: Re: ftpd security weakness on FreeBSD (fwd) 
Cc: security@FreeBSD.ORG
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Above any of the below mentioned deficiencies in the ftpd, CERT recently
released an advisory on the ftpd for practically all OS's.  The replacement
mentioned below is not satisfactory in order to properly prevent attacks
covered in the advisory.  wu-ftp-2.4.2-beta-13 is the correct ftpd to
compile for FreeBSD based machines.  The advisory can be found in complete
form at CERT.   www.cert.org.


Mark Rollings
Systems Administrator
TelCentral Internet
www.telcentral.net
darkstar@telcentral.net

At 03:49 PM 6/8/97 -0700, David Greenman wrote:
>>one of my users sent me this.  just wondering if anyone has heard about
>>this before.  he claims freebsd.org is affected.
>...
>>---------- Forwarded message ----------
>>Date: Sun, 1 Jun 1997 22:14:03 +1000
>>To: yossman@canweb.net
>>Subject: ftpd security weakness on FreeBSD
>>
>>Yoss,
>>
>>FreeBSD's ftpd has a bug (although I dont know if its a fetaure of FTP
protocol
>>or not (maybe newer RFC's discuss it)).
>>Its possible to semi-hijack the ftpd into doing portscans to arbitrary
>>hosts/ports. A good replacement would be wu-ftp 2.4.2 beta 11 or later.
>
>   There are options for disallowing PORT commands to remote ports less than
>1024 (priviledged ports) or addresses other than the originator's. Enabling
>these options will violate the FTP RFC and might break support for ftp
>proxies. The options were added to FreeBSD on Aug. 5, '96.
>
>-DG
>
>David Greenman
>Core-team/Principal Architect, The FreeBSD Project
>