Date: Wed, 11 Apr 2001 17:18:43 +0800 From: Eugene Grosbein <eugen@iname.com> To: Anton Vladimirov <admin128@mail.ru> Cc: security@FreeBSD.ORG Subject: Re: ftp vulnerability Message-ID: <20010411171843.A78034@svzserv.kemerovo.su> In-Reply-To: <15739596567.20010411131004@mail.ru>; from admin128@mail.ru on Wed, Apr 11, 2001 at 01:10:04PM %2B0400 References: <15739596567.20010411131004@mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Apr 11, 2001 at 01:10:04PM +0400, Anton Vladimirov wrote: > I run FreeBSD 4.0-RELEASE with all security patches applied. > Could anyone clearly explain how to fix the recent > ftpd hole for this version? You can use workaround: put a record into /etc/login.conf: anonftp:\ :datasize=16M:\ :stacksize=8M:\ :memoryuse=16M:\ :priority=5:\ :tc=default: Choose values suitable for you. Then do cap_mkdb /etc/login.conf and set login class of user 'ftp' to anonftp. This will prevent exloiting this hole. Eugene To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010411171843.A78034>