Date: Wed, 01 Aug 2001 12:42:04 -0600 From: Brett Glass <brett@lariat.org> To: "Thomas T. Veldhouse" <veldy@veldy.net>, "Maximum" <m-a-x-i-m-u-m@mail.ru>, <freebsd-security@FreeBSD.ORG> Subject: Re: Trojan injected in my Freebsd 4.1-RELEASE Message-ID: <4.3.2.7.2.20010801123827.046907f0@localhost> In-Reply-To: <00fb01c11ab6$829c83b0$3028680a@tgt.com> References: <4.3.2.7.2.20010801115333.0476d100@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:19 PM 8/1/2001, Thomas T. Veldhouse wrote: >Somebody keeps trying to install something through my FTPd when it is setup >to allow anonymous users (no directories available for upload either). Ah, that's it. There was a local buffer overflow exploit in the BSD FTPd that could be exploited by the "anonymous" user. This was fixed between 4.2-RELEASE and 4.3-RELEASE, IIRC. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.3.2.7.2.20010801123827.046907f0>