Dailydave mailing list archives
Re: FTPD! :>
From: Shane Macaulay <shane () security-objectives com>
Date: Wed, 02 Sep 2009 20:07:42 -0700
Florian Weimer wrote:
1. Why is CERT recommending removing anonymous write access. This is something that is pretty rare, I imagine?I'm sure it's still used for sending in crash dumps and similar stuff.
Crash dumps? How? Manually? WER & company do not use FTP, afaik...?
Aren't all the boxes "anonymously" vulnerable to this already used as warez servers since they have remote writable access turned on?Only if read access is enabled, too. And it might even be relatively safe again to run an open FTP server. There seems to be little systematic probing to find suitable upload locations deeper down the directory tree.
What's funny is I hear there's some ftp servers with anonymous writable folders that have some weird cron job's checking all the files to enforce any errant files/config/permissions, so some random interval after you do an upload.exe, the file suddenly is mode 0444!! It's amazing what some people do thinking it was a good idea.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- FTPD! :> dave (Sep 01)
- Re: FTPD! :> Florian Weimer (Sep 02)
- Re: FTPD! :> Shane Macaulay (Sep 07)
- Re: FTPD! :> Florian Weimer (Sep 02)