Date: Fri, 1 Dec 2000 06:18:01 -0500 (EST)
From: Joe Oliveiro <joe@advancewebhosting.com>
To: Kris Kennaway <kris@FreeBSD.ORG>
Cc: Nevermind <never@nevermind.kiev.ua>, freebsd-security@FreeBSD.ORG
Subject: Re: Important!! Vulnerability in standard ftpd
Message-ID: <Pine.BSF.4.21.0012010616410.11075-100000@joe.pythonvideo.com>
In-Reply-To: <20001201031417.A44830@citusc17.usc.edu>

FreeBSD - The BEST upgrade you can do to NT!

On Fri, 1 Dec 2000, Kris Kennaway wrote:

> On Fri, Dec 01, 2000 at 12:41:14PM +0200, Nevermind wrote:
>
> > > Check what out? Probably your machine has some other vulnerability
> > > which was leveraged. You have given us nothing here beyond showing
> > > that your ftp server has a world writable directory.
> > I cannot find now files I've found few month ago.
> > You should contact better man, who had found ~tmp. dirs in his incoming (it is
> > in parallel thread).
> >
> > He surely can find hidden files using fsck.
> > He should look afair in /var/games/
>
> You have come in and cried "Wolf!" (see subject line) and you don't
> have any evidence to back up your claim? That's fairly annoying to the
> people you have now caused to panic about some new super-secret ftp
> exploit. It is *much* more likely that your machine had some other
> well-known vulnerability which you overlooked, and this is actually
> what your attackers exploited.
>
> So far all you've shown is that you had a world-writable public
> directory which some people uploaded files to. If someone can upload
> files, it's much easier for them to take advantage of *other* security
> weaknesses on your system which require a local file to work.
>
> Guys, until someone can produce evidence that ftpd itself was actually
> the entrance vector and not just an incidental factor to some other
> vulnerability, I wouldn't worry about FreeBSD ftpd security
> problems. Of course, public writable directories have been, and always
> will be, a bad thing for your system security no matter what ftpd you
> use.
>
> Kris
>

Why take the chance? I restrict access to ftpd via ipfw.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message