Security Basics mailing list archives
RE: FTP security question...
From: "The Crocodile" <tcroc () cow pasture com>
Date: Fri, 15 Nov 2002 22:03:32 -0500
Many of the remotely exploitable bugs found in FTPD programs require a valid login to be able to overflow the buffer and thus exploit the vulnerability. If you have anon turned on and don't need it, you leave that avenue of attack open. If for some reason you REQUIRE that it be left open, then do so. Your best bet is: if you don't need it, close it.

The Crocodile
www.ghettohackers.net
www.pasture.com/~tcroc

-----Original Message-----
From: Mike Cain [mailto:mikec () lpinsurance com]
Sent: Wednesday, November 13, 2002 12:09 PM
To: security-basics () lists securityfocus com
Subject: FTP security question...

I just came to work at a new company, and I have been doing the standard auditing and such to see where the company stands from a security point of view. Nothing looks as if it's been compromised in the past, which should keep me from having to rebuild anything, but one thing I noticed on my SSS scan of the outside interface on our proxy server was that Anonymous FTP is allowed. I know that's a no-no, but I looked closer, and found that the FTP root was locked down. Meaning if I log in anon, I can't mkdir, etc.

What are the issues with that type of setup? Known security risks?

Thanks in advance.

PS yes, I am searching Google as we speak with little to no effect..

Mike C
CCNA/CCNP/MCSE