Bugtraq mailing list archives
Re: BoS: Re: ftpd bug? Was: bin/1805: Bug in ftpd
From: emf () pls com (Erik Fichtner)
Date: Wed, 16 Oct 1996 11:32:30 -0400
Grant Kaufmann wrote:
Killing from the command line doesn't seem to work, but: SunOS 5.5: logon via ftp with your regular user/password, ftp> cd /tmp ftp> user root wrongpasswd ftp> quote pasv voila, root password in world readable core dump under /tmpNope, its even better than that. Under 5.4, the core file is rw-rw-rw and it follows symlinks as root.
this applies to 5.5 as well. This also applies to wuftp 2.4 on solaris 2.4 it does NOT apply to the dumping the hashed password to the corefile.. but it will obliterate any file. (can we say /kernel/unix) wuftp is slightly safer in that it dumps to they symlink core as mode 664.
-- Grant -- http://www.cs.uct.ac.za/~gkaufman/pgp.html
-- Erik Fichtner Systems Administrator, PLS emf () pls com 'Your agonizer, please...'
Current thread:
- Re: BoS: Re: ftpd bug? Was: bin/1805: Bug in ftpd Erik Fichtner (Oct 16)