Date: Fri, 1 Dec 2000 12:27:14 +0200 (SAST) From: Justin Stanford <jus@security.za.net> To: Nevermind <never@nevermind.kiev.ua> Cc: freebsd-security@freebsd.org, freebsd-stabe@freebsd.org Subject: Re: Important!! Vulnerability in standard ftpd Message-ID: <Pine.BSF.4.21.0012011226450.6208-100000@athena.za.net> In-Reply-To: <20001201122124.H2185@nevermind.kiev.ua>
next in thread | previous in thread | raw e-mail | index | archive | help
Can anyone confirm this, that there is some kind of remotely workable vulnerability in the current stock ftpd (6.00LS)..? -- Justin Stanford 082 7402741 jus@security.za.net www.security.za.net IT Security and Solutions On Fri, 1 Dec 2000, Nevermind wrote: > Hello! > > The parallel thread are discussing suspicious > drwxr-xr-x ftp/staff 0 Jul 31 00:04 2000 incoming/* > dirs. I'm 100% sure that it is hack. I've been hacked few month ago this way. > (with standard ftpd) > > First I've found incoming/~tmp./ dir. > Then I've found suspicious process called "supa" (it may vary, I think). > I don't exactly remember how I found directory in which ls -la said: > ls: .: No such file or directory. > > This hack corrupts filesystem to make it's datadirs invisible. > fsck in single mode severeal times helps. > > It is ttyp* and ttyv* sniffer, logger, password cracker. > Please, check it out! > > -- > Alexandr P. Kovalenko http://nevermind.kiev.ua/ > NEVE-RIPE > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0012011226450.6208-100000>