Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

wuftpd trojan info

From: cklaus () shadow net (Christopher Klaus)
Date: Wed, 6 Apr 94 15:40:37 EDT

Here is some information that may help you know if you have a trojan
version.   If your version appears to have a trojan, please e-mail me.

the password checking routine in ftpd.c should probably not differ
from the following:

#ifdef ULTRIX_AUTH
        if ((numfails = ultrix_check_pass(passwd, xpasswd)) < 0) {
#else
        /* The strcmp does not catch null passwords! */
        if (pw == NULL || *pw->pw_passwd == '\0' ||
            strcmp(xpasswd, pw->pw_passwd)) {
#endif
            reply(530, "Login incorrect.");


-- 
Christopher William Klaus  Email: cklaus () shadow net  Author:Inet Sec. Scanner
2209 Summit Place Drive,Dunwoody, GA 30350-2430. (404)998-5871.
Previous By Date Next
Previous By Thread Next

Current thread: