Bugtraq mailing list archives
Re: CERT Advisory CA-97.27 - FTP_bounce
From: balin () rucus ru ac za (Barry Irwin)
Date: Fri, 12 Dec 1997 11:00:25 +0200
Aleph One
Note that this has been discussed a long time ago. I approved it becuse it is still an issue. For a nice recount of both active and passive attack read Secure Networks paper "Some problems with the File Transfer Protocol, a failure of common implementations, and suggestions for repair" at http://www.secnet.com/papers/ftp-paper.html
For those of you wanting to test this problem have a look at http://www.rootshell.com/hacking/ftpBounceAttack Barry -- -- "Ground Control to Major Tom; your circuits dead, there is something wrong.." ------------------------------------------------------------------------------ Barry Irwin aka Big Bastard From Hell bvi () rucus ru ac za http://rucus.ru.ac.za/~bvi bbfh () coredump bofh org za http://coredump.bofh.org.za -------------------------------------------------------------------------------
Current thread:
- CERT Advisory CA-97.27 - FTP_bounce Aleph One (Dec 10)
- Re: CERT Advisory CA-97.27 - FTP_bounce Janos Farkas (Dec 11)
- Re: CERT Advisory CA-97.27 - FTP_bounce Aleph One (Dec 11)
- Re: CERT Advisory CA-97.27 - FTP_bounce Barry Irwin (Dec 12)
- Re: CERT Advisory CA-97.27 - FTP_bounce Alfred Huger (Dec 12)
- Re: CERT Advisory CA-97.27 - FTP_bounce Aleph One (Dec 11)
- Q163852: Invalid Operand with Locked CMPXCHG8B Instruction Aleph One (Dec 12)
- Re: CERT Advisory CA-97.27 - FTP_bounce Janos Farkas (Dec 11)
- <Possible follow-ups>
- Re: CERT Advisory CA-97.27 - FTP_bounce Kev (Dec 11)