Bugtraq mailing list archives

Re: Security Problem ftpd (includes wu.ftpd 2.4 and 2.4.2 beta 4)


From: joerg.czeranski () informatik tu-clausthal de (Joerg Czeranski)
Date: Thu, 13 Jul 1995 18:09:08 +0200


Am I correct in stating that this problem only occurs on SVR4-based Unixes
[where /proc exists]?  Or would, say, SunOS 4.1.x be affected?

This affects Linux's /proc, but may well be an issue with SVR4's /dev/fd
directory.  While this doesn't exist by default on SunOS 4, there is a
commonly available kernel driver to implement it.

As far as I can judge it, the SVR4 /dev/fd file system is not vulnerable
via ftpd.  I've checked it on Dec OSF/1 2.0, 3.2 and Solaris 2.4:
The /dev/fd/* are neither hard links nor symlinks but character pseudo
devices and ftpd won't open them ("/dev/fd/0: not a plain file").

joerg

--
Joerg Czeranski                 EMail czeranski () informatik tu-clausthal de
Osteroeder Strasse 55                 czeranski () rz tu-clausthal de
D 38678 Clausthal-Zellerfeld    WWW   http://www.in.tu-clausthal.de/~injc/
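
The "not a plain file" refusal quoted in the message corresponds to a regular-file test on the object being opened. A sketch of such a check in C, added here as an example and not taken from wu.ftpd or any other ftpd source; the names `node_kind`, `open_plain` and the result codes are hypothetical, and the default paths in `main` are assumptions:

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum plain_check { PLAIN_OK = 0, NOT_PLAIN = 1, CHECK_ERROR = -1 };

/* ls-style type of the directory entry itself; lstat() does not follow a
 * final symlink, so a symlink and a device node are told apart. */
char node_kind(const char *path)
{
    struct stat st;
    if (lstat(path, &st) != 0) return 0;      /* missing or unreadable */
    if (S_ISLNK(st.st_mode)) return 'l';
    if (S_ISCHR(st.st_mode)) return 'c';
    if (S_ISREG(st.st_mode)) return '-';
    if (S_ISDIR(st.st_mode)) return 'd';
    return '?';
}

/* Open first, then fstat() the descriptor, so the test applies to the object
 * actually opened (symlinks resolved, no check-then-open race). O_NONBLOCK
 * keeps open() from hanging on a FIFO or device. */
enum plain_check open_plain(const char *path, int *fd_out)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);
    if (fd < 0) return CHECK_ERROR;
    if (fstat(fd, &st) != 0) { close(fd); return CHECK_ERROR; }
    if (!S_ISREG(st.st_mode)) { close(fd); return NOT_PLAIN; }
    *fd_out = fd;
    return PLAIN_OK;
}

int main(int argc, char **argv)
{
    /* Default paths are assumptions; pass others on the command line. */
    const char *defaults[] = { "/dev/fd/0", "/dev/null", "/etc/hosts" };
    int n = argc > 1 ? argc - 1 : 3;
    for (int i = 0; i < n; i++) {
        const char *p = argc > 1 ? argv[i + 1] : defaults[i];
        int fd = -1;
        char kind = node_kind(p);
        enum plain_check r = open_plain(p, &fd);
        printf("%s: type '%c', %s\n", p, kind ? kind : '!',
               r == PLAIN_OK ? "plain file" : r == NOT_PLAIN ? "not a plain file" : "open failed");
        if (fd >= 0) close(fd);
    }
    return 0;
}
```

Where `node_kind` reports `c` for `/dev/fd/0`, the entry is a character device and the regular-file test rejects it; where it reports `l`, the entry is a symlink and the result depends on what the link resolves to.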
