Date: Mon, 14 Oct 1996 04:52:09 -0700 (PDT) From: rkozak@bdk.lublin.pl To: freebsd-gnats-submit@freebsd.org Subject: bin/1805: Bug in ftpd Message-ID: <199610141152.EAA23237@freefall.freebsd.org> Resent-Message-ID: <199610141200.FAA23568@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1805 >Category: bin >Synopsis: Bug in ftpd >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Mon Oct 14 05:00:01 PDT 1996 >Last-Modified: >Originator: Robert Kozak >Organization: BDK w Lublinie S.A. >Release: FreeBSD 2.1.5-RELEASE >Environment: FreeBSD celebris1.bdk.lublin.pl 2.1.5-RELEASE FreeBSD 2.1.5-RELEASE #0: Thu Sep 5 13:21:39 MET DST 1996 root@celebris1.bdk.lublin.pl:/usr/src/sys/compile/ RKKERNEL i386 >Description: While user is connected to server via ftp, the process ftpd is owned by this user. When ftpd is abnormally termineted (e.g. kill -11 <ftpd-id>) the memory image of this process is writed to file ftpd.core in home dir. This file contain encrypted passwords all users on this machine. >How-To-Repeat: 1. ftp localhost name: username password: **** 2. On second terminal: a) ps -ax | grep localhost b) kill -11 <PID> c) strings ~/ftpd.core | less (you will see all encrypted passwords). >Fix: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610141152.EAA23237>