From owner-freebsd-security  Fri Dec  1  3: 0:39 2000
Delivered-To: freebsd-security@freebsd.org
Received: from nevermind.kiev.ua (unknown [212.109.53.33])
	by hub.freebsd.org (Postfix) with ESMTP id BB41537B400
	for <freebsd-security@FreeBSD.ORG>; Fri,  1 Dec 2000 03:00:34 -0800 (PST)
Received: (from never@localhost)
	by nevermind.kiev.ua (8.11.1/8.11.1) id eB1B0Jr30766;
	Fri, 1 Dec 2000 13:00:19 +0200 (EET)
	(envelope-from never)
Date: Fri, 1 Dec 2000 13:00:19 +0200
From: Nevermind <never@nevermind.kiev.ua>
To: Matjaz Martincic <matjaz.martincic@hermes.si>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Important!! Vulnerability in standard ftpd
Message-ID: <20001201130018.L2185@nevermind.kiev.ua>
References: <EA63CEA50DF8D311ABAD00B0D0211732211A0A@hal9000.hermes.si>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <EA63CEA50DF8D311ABAD00B0D0211732211A0A@hal9000.hermes.si>; from matjaz.martincic@hermes.si on Fri, Dec 01, 2000 at 11:56:20AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello, Matjaz Martincic!

On Fri, Dec 01, 2000 at 11:56:20AM +0100, you wrote:

> Hi Alexandr,
> 
> >No, I had only trusted non-anonymous ftp accounts. And sure, very-trusted
> shell
> >accounts. All of them have full sudo, but all of us were using only ssh,
> >telnetd was closed, noone accessed to non-anonymous ftp from outside
> network.
> 
> Well, that seems like a problem then. What release were(are) you using when
> you find out that you've been compromised?
I was using 4.1-STABLE when was hacked. Now I'm using 4.2-STABLE
and proftpd.

-- 
Alexandr P. Kovalenko	http://nevermind.kiev.ua/
NEVE-RIPE


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message