From owner-freebsd-security Fri Dec 1 3:18:11 2000 Delivered-To: freebsd-security@freebsd.org Received: from joe.pythonvideo.com (joe.pythonvideo.com [209.226.29.94]) by hub.freebsd.org (Postfix) with ESMTP id 9A97937B400; Fri, 1 Dec 2000 03:18:07 -0800 (PST) Received: from localhost (joe@localhost) by joe.pythonvideo.com (8.11.1/8.11.0) with ESMTP id eB1BI1w11194; Fri, 1 Dec 2000 06:18:02 -0500 (EST) (envelope-from joe@advancewebhosting.com) X-Authentication-Warning: joe.pythonvideo.com: joe owned process doing -bs Date: Fri, 1 Dec 2000 06:18:01 -0500 (EST) From: Joe Oliveiro X-Sender: joe@joe.pythonvideo.com To: Kris Kennaway Cc: Nevermind , freebsd-security@FreeBSD.ORG Subject: Re: Important!! Vulnerability in standard ftpd In-Reply-To: <20001201031417.A44830@citusc17.usc.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org FreeBSD - The BEST upgrade you can do to NT! On Fri, 1 Dec 2000, Kris Kennaway wrote: > On Fri, Dec 01, 2000 at 12:41:14PM +0200, Nevermind wrote: > > > > Check what out? Probably your machine has some other vulnerability > > > which was leveraged. You have given us nothing here beyond showing > > > that your ftp server has a world writable directory. > > I cannot find now files I've found few month ago. > > You should contact better man, who had found ~tmp. dirs in his incoming (it is > > in parallel thread). > > > > He surely can find hidden files using fsck. > > He should look afair in /var/games/ > > You have come in and cried "Wolf!" (see subject line) and you don't > have any evidence to back up your claim? That's fairly annoying to the > people you have now caused to panic about some new super-secret ftp > exploit. It is *much* more likely that your machine had some other > well-known vulnerability which you overlooked, and this is actually > what your attackers exploited. > > So far all you've shown is that you had a world-writable public > directory which some people uploaded files to. If someone can upload > files, it's much easier for them to take advantage of *other* security > weaknesses on your system which require a local file to work. > > Guys, until someone can produce evidence that ftpd itself was actually > the entrance vector and not just an incidental factor to some other > vulnerability, I wouldn't worry about FreeBSD ftpd security > problems. Of course, public writable directories have been, and always > will be, a bad thing for your system security no matter what ftpd you > use. > > Kris > Why take the chance. i restrict access to ftpd via ipfw. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message