Bugtraq mailing list archives
Re: gftp - ms ftp debug mode
From: vision () WHITEHATS COM (Max Vision)
Date: Sun, 12 Sep 1999 23:51:07 -0700
Hi,

Do you have reason to believe that this debug mode allows an attacker an extra ability to in some way capture your password information? Otherwise, the password being shown in debug mode on the client side is not a hole. It is only shown to the client who had just typed it in seconds ago, and who specifically and consciously enables the debug mode.

As I said in an earlier post, if I put my client software into a debug mode, I do want to know *exactly* what it's doing. That's why I put it into debug mode.

Hypothetical reasons for wanting to see the password information sent:

1. keyboard problems - if you have a "z" in your password and it misses when you hit the key half the time.
2. user error - you have numlock or caps lock, or have fat fingers
3. software trouble - you type foo, it sends oof..

Doesn't matter what caused the problem (you did enable debug for a reason right?), the point is that debug behavior should be to facilitate debugging by providing as much information as possible.

You may have heard these solutions before, but here they are:

1. don't do that

Keep in mind that as long as you are using the ftp protocol over the net, that password of yours is in clear in a big way. That is a far more dangerous and real vulnerability.

Max

On Sun, 12 Sep 1999, Valentin wrote:
Hello! Here is a test I did on my rh 6.0 (ftp server is patched ;) :

[root@localhost /root]# ftp
ftp> debug
Debuggin on (debug=1).
ftp> open localhost
220 localhost FTP server (Version wu-2.5.0(1) Fri Sep 03 14:41:20 EEST 1999) ready.
Name (localhost:root): toor
---> USER toor
331 Password required for toor.
Password:
---> PASS XXXX
220 User toor logged in.
...

Now look at this:

[root@localhost /root]# ftp
ftp> debug
Debuggin on (debug=1).
ftp> open localhost
220 localhost FTP server (Version wu-2.5.0(1) Fri Sep 03 14:41:20 EEST 1999) ready.
Name (localhost:root):
---> USER root
331 Password required for root.
Password:
---> PASS XXXX
530 Login incorrect.
Login failed.
---> SYST
530 Please login with USER and PASS.
ftp> quote user toor
---> user toor
ftp> quote pass root
---> pass root <--- (HAHA Here is the password)
230 User toor logged in.
ftp> .....

Valentin
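
The two transcripts above differ only in how the PASS command reached the debug trace: typed at the password prompt it is shown as XXXX, typed through "quote" it is shown in full. The following is an added example, not code from the thread or from any ftp client's source, of a trace routine that applies the mask to the fully formatted command line, so every code path gets the same treatment. The names verb_is and trace_command are hypothetical, and the sample commands in main are constructed from the transcript.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if the first word of `line` is `verb` (given in upper case),
 * compared without regard to case. */
static int verb_is(const char *line, const char *verb)
{
    size_t n = strlen(verb);
    while (*line == ' ' || *line == '\t')      /* tolerate leading blanks */
        line++;
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)line[i]) != verb[i])
            return 0;                          /* also stops at end of string */
    /* The verb must end here, so PASV is not mistaken for PASS. */
    return line[n] == '\0' || isspace((unsigned char)line[n]);
}

/* Format an outgoing FTP command and write its debug-trace form to `out`.
 * The check is made on the formatted line, not on the format string, so a
 * command passed through verbatim (as "quote" does) is masked as well. */
int trace_command(char *out, size_t outsz, const char *fmt, ...)
{
    char line[512];
    va_list ap;

    va_start(ap, fmt);
    vsnprintf(line, sizeof line, fmt, ap);
    va_end(ap);

    if (verb_is(line, "PASS"))
        return snprintf(out, outsz, "---> PASS XXXX");
    line[strcspn(line, "\r\n")] = '\0';        /* trace a single line only */
    return snprintf(out, outsz, "---> %s", line);
}

int main(void)
{
    char buf[600];
    /* Constructed inputs: the login path, then the two "quote" commands. */
    trace_command(buf, sizeof buf, "PASS %s", "root");   puts(buf);
    trace_command(buf, sizeof buf, "%s", "user toor");   puts(buf);
    trace_command(buf, sizeof buf, "%s", "pass root");   puts(buf);
    return 0;
}
```

This only changes what the client prints; the password still crosses the network in the clear, as the message above points out.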