Bugtraq mailing list archives
Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
From: suid () SUID EDU (suid)
Date: Mon, 20 Dec 1999 12:53:13 +1100
The following paper is available in full from my website, i have chosen not to post the entire thing here as it is quite long. http://www.suid.edu/advisories/001.txt suid () suid edu - the dangers of ftp conversions on misconfigured systems/ftpd (specifically wu-ftpd) Summary: There exists a vulnerability with certain configurations of certain ftp daemons with which users with a valid ftp only acccount on a system may execute arbitrary commands (including binaries supplied by themselves). There also exists the possibilty that anonymous ftp users may execute arbitrary commands (also including binaries supplied by themselves). While this vulnerability is entirely configuration dependent. The required configuration is rather common. The requirements can be found in the example exploit section. Usually such misconfigurations are made only by the security-handicapped, and the documentation-illiterate. There is volumous amounts of documentation around which warn against this kind of configuration however it does not touch on this exact problem. Nor does that seem to prevent people from doing this time after time. Regards, suid () suid edu
Current thread:
- Xsoldier xploit (was: FreeBSD 3.3 xsoldier root exploit), (continued)
- Xsoldier xploit (was: FreeBSD 3.3 xsoldier root exploit) Spidey (Dec 15)
- BindView Security Advisory: Vulnerability in Windows NT's SYSKEY feature BindView Security Advisory (Dec 16)
- Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities security-alert () CISCO COM (Dec 16)
- Reinventing the wheel (aka "Decoding Netscape Mail passwords") Vanja Hrustic (Dec 15)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") John Viega (Dec 16)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Tim Hollebeek (Dec 16)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Aleph One (Dec 16)
- ssh/rsaref bo exploit code Iván Arce (Dec 16)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Rob Jones (Dec 16)
- More on Red Hat 6.1 sysklogd David F. Skoll (Dec 19)
- Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd) suid (Dec 19)
- Netscape password scrambling Gary McGraw (Dec 20)
- Re: Reinventing the wheel (aka "Decoding Netscape Mail passwords") Holger van Lengerich (Dec 20)
- Microsoft Security Bulletin (MS99-059) Microsoft Product Security (Dec 20)
- (Possible) Linuxconf Remote Buffer Overflow Vulnerability Elias Levy (Dec 21)
- Infoseek Ultraseek Remote Buffer Overflow luciano (Dec 16)
- Re: Infoseek Ultraseek Remote Buffer Overflow Marc (Dec 16)