From owner-freebsd-security  Fri Dec  1  2:48: 7 2000
Delivered-To: freebsd-security@freebsd.org
Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20])
	by hub.freebsd.org (Postfix) with ESMTP
	id 65CFB37B6BB; Fri,  1 Dec 2000 02:48:04 -0800 (PST)
Received: (from bright@localhost)
	by fw.wintelcom.net (8.10.0/8.10.0) id eB1Alun09933;
	Fri, 1 Dec 2000 02:47:56 -0800 (PST)
Date: Fri, 1 Dec 2000 02:47:56 -0800
From: Alfred Perlstein <bright@wintelcom.net>
To: Nevermind <never@nevermind.kiev.ua>
Cc: freebsd-security@FreeBSD.ORG, freebsd-stabe@FreeBSD.ORG
Subject: Re: Important!! Vulnerability in standard ftpd
Message-ID: <20001201024756.S8051@fw.wintelcom.net>
References: <20001201122124.H2185@nevermind.kiev.ua>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001201122124.H2185@nevermind.kiev.ua>; from never@nevermind.kiev.ua on Fri, Dec 01, 2000 at 12:21:24PM +0200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Nevermind <never@nevermind.kiev.ua> [001201 02:21] wrote:
> Hello!
> 
> The parallel thread are discussing suspicious 
>  drwxr-xr-x ftp/staff         0 Jul 31 00:04 2000 incoming/*
> dirs. I'm 100% sure that it is hack. I've been hacked few month ago this way.
> (with standard ftpd)

You wouldn't be the only one, you most likely got hacked through
some other service or insecure permissions.

-- 
-Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org]
"I have the heart of a child; I keep it in a jar on my desk."


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message