Date: Fri, 1 Dec 2000 03:14:17 -0800
From: Kris Kennaway <kris@FreeBSD.ORG>
To: Nevermind <never@nevermind.kiev.ua>
Cc: Kris Kennaway <kris@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject: Re: Important!! Vulnerability in standard ftpd
Message-ID: <20001201031417.A44830@citusc17.usc.edu>
In-Reply-To: <20001201124114.I2185@nevermind.kiev.ua>; from never@nevermind.kiev.ua on Fri, Dec 01, 2000 at 12:41:14PM +0200
References: <20001201122124.H2185@nevermind.kiev.ua> <20001201022909.A44090@citusc17.usc.edu> <20001201124114.I2185@nevermind.kiev.ua>
On Fri, Dec 01, 2000 at 12:41:14PM +0200, Nevermind wrote:
> > Check what out? Probably your machine has some other vulnerability
> > which was leveraged. You have given us nothing here beyond showing
> > that your ftp server has a world writable directory.
> I cannot now find the files I found a few months ago.
> You should contact a better man, who found ~tmp. dirs in his incoming (it is
> in a parallel thread).
>
> He surely can find hidden files using fsck.
> He should look afair in /var/games/

You have come in and cried "Wolf!" (see subject line) and you don't have any evidence to back up your claim? That's fairly annoying to the people you have now caused to panic about some new super-secret ftp exploit.

It is *much* more likely that your machine had some other well-known vulnerability which you overlooked, and this is actually what your attackers exploited. So far all you've shown is that you had a world-writable public directory which some people uploaded files to. If someone can upload files, it's much easier for them to take advantage of *other* security weaknesses on your system which require a local file to work.

Guys, until someone can produce evidence that ftpd itself was actually the entrance vector and not just an incidental factor to some other vulnerability, I wouldn't worry about FreeBSD ftpd security problems. Of course, public writable directories have been, and always will be, a bad thing for your system security no matter what ftpd you use.
Kris
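A check for the condition Kris describes, as an added example that is not part of the original message or of FreeBSD ftpd: a POSIX sh audit that builds a constructed sample FTP tree, lists every world-writable directory under it, flags entry names that hide from a casual ls or follow the drop-box naming mentioned in the thread (the leading-tilde pattern is an assumption drawn from the "~tmp." above), and then strips world-write from the offending directories. The sample tree, its path under mktemp, and the name patterns are all assumptions.

```shell
#!/bin/sh
# Audit an anonymous FTP tree for world-writable directories and for
# dropped entries whose names hide from a casual "ls".
# Added example, not FreeBSD ftpd code; the sample tree built by
# make_sample_tree and the name patterns in suspicious_names are assumptions.

# Count lines on stdin without relying on wc's platform-dependent padding.
count_lines() {
    n=0
    while IFS= read -r _line; do n=$((n + 1)); done
    printf '%s\n' "$n"
}

# Build a throwaway tree that mimics an anonymous FTP root (constructed data).
# Prints the root path. Mode 1777 on incoming is the classic "drop box".
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pub" "$root/pub/ .hidden" "$root/incoming" "$root/incoming/~tmp."
    chmod 755 "$root/pub" "$root/pub/ .hidden"
    chmod 1777 "$root/incoming"
    chmod 777 "$root/incoming/~tmp."
    : > "$root/pub/README"
    : > "$root/incoming/...     "   # dot-prefixed name padded with spaces
    printf '%s\n' "$root"
}

# Every directory under $1 that any user, anonymous ftp included, can write to.
world_writable_dirs() {
    find "$1" -type d -perm -0002 | sort
}

# Entry names that hide in "ls" output (leading dot, embedded whitespace)
# or follow the "~tmp." style convention mentioned in the thread (assumption).
suspicious_names() {
    find "$1" -mindepth 1 \( -name '.*' -o -name '* *' -o -name '~*' \) | sort
}

# Remediation: take world-write away from every directory under $1.
# Sticky and group bits are left alone; only the o+w bit changes.
remove_world_write() {
    find "$1" -type d -perm -0002 -exec chmod o-w '{}' +
}

# Stand-alone demo: sh ftp_audit.sh --demo
if [ "${1:-}" = "--demo" ]; then
    demo_root=$(make_sample_tree)
    echo "world-writable directories:"; world_writable_dirs "$demo_root"
    echo "suspicious names:";          suspicious_names "$demo_root"
    remove_world_write "$demo_root"
    echo "after remediation: $(world_writable_dirs "$demo_root" | count_lines) world-writable"
    rm -rf "$demo_root"
fi
```

Point world_writable_dirs and suspicious_names at the real anonymous FTP root to audit a live server; the output is the list of directories an anonymous user can use to stage a file for some other local attack, which is exactly the weakness the message says to remove regardless of which ftpd is in use.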