Bugtraq mailing list archives
Re: ftpd: the advisory version
From: carson () TLA ORG (Carson Gaspar)
Date: Fri, 30 Jun 2000 20:05:20 -0400
"Mike" == Mike Eldridge <diz () CAFES NET> writes:
Mike> On Tue, 27 Jun 2000, Olaf Kirch wrote:
I.e. publicfile is able to drop root privs because it stops using port 20 when creating data connections in response to a PORT command. It's against the spec but works with most clients.
Mike> Against spec, it may be, but in my opinion, it makes more sense. FYI, it violates a SHOULD, it doesn't violate a MUST, so it is officially in spec. -- Carson Gaspar -- carson () tla org Queen Trapped in a Butch Body
Current thread:
- Re: ftpd: the advisory version Valdis Kletnieks (Jun 30)
- Re: ftpd: the advisory version Tom Perrine (Jul 02)
- Conclusion to recent working WuFTPD Exploits Eric Hines (Jul 05)
- <Possible follow-ups>
- Re: ftpd: the advisory version Carson Gaspar (Jun 30)
- Re: ftpd: the advisory version Mike Gleason (Jul 02)
- [RHSA-2000:016-03] Multiple local imwheel vulnerabilities bugzilla () REDHAT COM (Jul 03)
- Re: ftpd: the advisory version monti (Jul 05)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
- Re: ftpd: the advisory version monti (Jul 07)
- Re: ftpd: the advisory version Mikael Olsson (Jul 07)
- Re: ftpd: the advisory version David Maxwell (Jul 07)
- Re: ftpd: the advisory version D. J. Bernstein (Jul 10)
- Re: ftpd: the advisory version Richard Rager (Jul 11)
- Infosec.20000712.worldclient.2.1 Rikard Carlsson (Jul 12)