Bugtraq mailing list archives
Re: Netscape FTP Server - "Professional" as hell :>
From: lcamtuf () DIONE IDS PL (Michal Zalewski)
Date: Sat, 24 Jun 2000 11:32:22 +0200
On Fri, 23 Jun 2000, Luis Pinto wrote:
> $ cat KUKU
> root:x:0:1:Super-User:/:/sbin/sh
> daemon:x:1:1::/:
> bin:x:2:2::/usr/bin:
> sys:x:3:3::/:
> adm:x:4:4:Admin:/var/adm:
> ...
>
> Believe it or not, I got exactly the same result with wu-ftpd-2.6.0... Proftpd is not vulnerable.

wu-ftpd on anonymous account is doing chroot(), so you'll get fake /etc/passwd (/home/ftp/etc/passwd). On luser accounts, by default wu is NOT doing chroot, and you have access to whole filesystem with your privileges. But it's possible to chroot() every user, and in this case it will work properly.

> I hate to disagree with you, but the passwd file you got is the ftp server, not the /etc/passwd. So, unless ftpd.ini is under the ftp root, you can't grab it.

No. Please try it on Netscape FTP, ok?:P There's no such thing as ftp server /etc/passwd, unlike wu-ftpd.

_______________________________________________________
Michal Zalewski [lcamtuf () tpi pl] [tp.internet/security]
[http://lcamtuf.na.export.pl] <=--=> bash$ :(){ :|:&};:
=-----=> God is real, unless declared integer. <=-----=
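
The message above says wu-ftpd chroots anonymous logins, leaves ordinary user logins unconfined by default, and can be set up to chroot every user. The following is an added example, not part of the original post or of wu-ftpd: a simplified audit that reports which accounts would log in without chroot(). It assumes confinement is configured with literal `guestuser`/`guestgroup` lines in ftpaccess; every account name and path other than /home/ftp is constructed.

```python
# Added example: simplified model of which wu-ftpd logins run inside chroot().
# Sample data is constructed; only literal guestuser/guestgroup entries are modelled.
PASSWD = """\
ftp:x:30000:30000:Anonymous FTP:/home/ftp:/bin/false
alice:x:1001:100:Alice:/home/alice:/bin/sh
bob:x:1002:200:Bob:/home/ftpjail/./bob:/bin/false
"""
GROUP = """\
users:x:100:
ftpusers:x:200:
"""
FTPACCESS = """\
# constructed sample
guestgroup ftpusers
"""

def parse_guest_rules(ftpaccess):
    """Collect the user and group names listed on guestuser/guestgroup lines."""
    users, groups = set(), set()
    for line in ftpaccess.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments, then tokenize
        if fields[:1] == ["guestuser"]:
            users.update(fields[1:])
        elif fields[:1] == ["guestgroup"]:
            groups.update(fields[1:])
    return users, groups

def audit(passwd, group, ftpaccess):
    """Map each account to (confinement, directory the session sees as "/")."""
    guest_users, guest_groups = parse_guest_rules(ftpaccess)
    gid_of, members = {}, {}
    for line in group.splitlines():
        name, _, gid, mem = line.split(":")
        gid_of[name], members[name] = gid, set(filter(None, mem.split(",")))
    report = {}
    for line in passwd.splitlines():
        user, _, _, gid, _, home, _ = line.split(":")
        is_guest = user in guest_users or any(  # primary gid or member list
            gid_of.get(g) == gid or user in members.get(g, ()) for g in guest_groups)
        if user == "ftp":                      # anonymous login, always chroot()ed
            report[user] = ("chroot", home)
        elif is_guest:                         # chroot to the part before "/./"
            report[user] = ("chroot", home.split("/./")[0])
        else:                                  # real user: whole filesystem visible
            report[user] = ("no chroot", "/")
    return report

if __name__ == "__main__":
    print(audit(PASSWD, GROUP, FTPACCESS))
```

Any account reported as "no chroot" sees the host's real /etc/passwd over FTP, which is the default behaviour the message describes for ordinary users.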
Current thread:
- Netscape FTP Server - "Professional" as hell :> Michal Zalewski (Jun 21)
- easy DoS of LDAP services in case of naive programming bert hubert (Jun 21)
- WuFTPD: Providing *remote* root since at least 1994 tf8 (Jun 22)
- <Possible follow-ups>
- Re: Netscape FTP Server - "Professional" as hell :> Luis Pinto (Jun 22)
- Re: Netscape FTP Server - "Professional" as hell :> Michal Zalewski (Jun 24)