Security Incidents mailing list archives

DU4.0D FTPd hacked

From: Jose Nazario <jose () BIOCSERVER BIOC CWRU EDU>
Date: Fri, 3 Nov 2000 16:18:17 -0500

hi all,

had a machine compromised on campus last week. it was a DEC UNIX 4.0D
machine, and had had the usual rounds of patches applied. compromise was
believed to have been through the FTP daemon (shipped with the OS, from
Digital), which was running anonymous FTP service (the machine is a file
server for a small field of research).

i am unable to see anything about the recent problems with string format
vulnerabilities (but would not be surprised if DU's FTPd was vulnerable to
this attack), or buffer overflows. these advisories are the closest i have
turned up:

http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-27.asc
http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-24.asc
http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-26.asc

anyone know of any DU4.0D FTPd hacks out there? thanks.


jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)

Current thread:

DU4.0D FTPd hacked Jose Nazario (Nov 05)
- <Possible follow-ups>
- Re: DU4.0D FTPd hacked David Kennedy CISSP (Nov 06)