Security Incidents mailing list archives
DU4.0D FTPd hacked
From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Fri, 3 Nov 2000 16:18:17 -0500
hi all, had a machine compromised on campus last week. it was a DEC UNIX 4.0D machine, and had had the usual rounds of patches applied. compromise was believed to have been through the FTP daemon (shipped with the OS, from Digital), which was running anonymous FTP service (the machine is a file server for a small field of research). i am unable to see anything about the recent problems with string format vulnerabilities (but would not be surprised if DU's FTPd was vulnerable to this attack), or buffer overflows. these advisories are the closest i have turned up: http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-27.asc http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-24.asc http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-26.asc anyone know of any DU4.0D FTPd hacks out there? thanks. jose nazario jose () cwru edu PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 PGP key ID 0xFD37F4E5 (pgp.mit.edu)
Current thread:
- DU4.0D FTPd hacked Jose Nazario (Nov 05)
- <Possible follow-ups>
- Re: DU4.0D FTPd hacked David Kennedy CISSP (Nov 06)