Bugtraq mailing list archives

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)


From: marekm () i17linuxb ists pwr wroc pl (Marek Michalkiewicz)
Date: Wed, 12 Jul 1995 17:49:07 +0200


Henri Karrenbeld:
People with local ftp access can use the file descriptors in /proc of
the (wu.)ftpd process (which is running under their euid) to read and append
to files to which they should not have access. This gives write permission
to /var/adm/wtmp and read access to /etc/shadow, if your ftpd is hacked

This is a known problem with Linux /proc.  Fixed in 1.2.11, introducing
a minor misfeature (ps shows ftpd always running as root).  I hope 1.2.12
(if, when) will fix it better.

1.2.11 makes everything in /proc/pid owned by root if real and effective
uid (or gid) of the process are different, or if the dumpable flag is
cleared (it is cleared for setuid and setgid programs).  This disallows
access to /proc/pid/fd.

Marek
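
The 1.2.11 ownership rule described in the message above, modelled in user space as an added example; it is not part of the original message and is not kernel code. All function names and the sample status text are hypothetical, the Uid:/Gid: layout is that of /proc/<pid>/status on current Linux, and two assumptions are marked in comments.

```c
#include <stdio.h>
#include <string.h>
/* Ids the rule looks at; dumpable == 0 means the flag is cleared. */
struct cred_view { unsigned ruid, euid, rgid, egid; int dumpable; };

/* Read real and effective ids from text in /proc/<pid>/status layout
 * ("Uid:\treal\teffective\t..."). Returns 0 on success, -1 if a line is missing. */
int parse_status_ids(const char *status, struct cred_view *c)
{
    /* Anchor on the preceding newline so the Name: field cannot imitate a field. */
    const char *u = strstr(status, "\nUid:");
    const char *g = strstr(status, "\nGid:");
    if (!u || !g) return -1;
    if (sscanf(u, " Uid: %u %u", &c->ruid, &c->euid) != 2) return -1;
    if (sscanf(g, " Gid: %u %u", &c->rgid, &c->egid) != 2) return -1;
    return 0;
}

/* 1 if the 1.2.11 rule from the message hands the /proc/<pid> entries to root. */
int owned_by_root(const struct cred_view *c)
{
    return c->ruid != c->euid || c->rgid != c->egid || !c->dumpable;
}

/* Owner uid of the entries. Assumption: when the rule does not fire they
 * stay with the effective uid, as in the pre-fix behaviour the thread reports. */
unsigned proc_owner(const struct cred_view *c, int fix_applied)
{
    return (fix_applied && owned_by_root(c)) ? 0u : c->euid;
}

/* Assumption: /proc/<pid>/fd can be opened only by its owner and by root. */
int can_open_fd_dir(const struct cred_view *c, unsigned caller, int fix_applied)
{
    return caller == 0 || caller == proc_owner(c, fix_applied);
}

/* Constructed sample: ftpd session with real uid 0, effective ids of user 1000. */
const char SAMPLE_STATUS[] =
    "Name:\tftpd\nUid:\t0\t1000\t0\t1000\nGid:\t0\t1000\t0\t1000\n";

int main(void)
{
    struct cred_view c = { 0, 0, 0, 0, 1 };
    if (parse_status_ids(SAMPLE_STATUS, &c) != 0) return 1;
    printf("before fix: owner=%u user-access=%d\n", proc_owner(&c, 0), can_open_fd_dir(&c, 1000, 0));
    printf("1.2.11:     owner=%u user-access=%d\n", proc_owner(&c, 1), can_open_fd_dir(&c, 1000, 1));
    return 0;
}
```

With the rule applied the owner reported for the sample process is uid 0, which is the "ps shows ftpd always running as root" side effect the message mentions.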


