Security Incidents mailing list archives

Re: DU4.0D FTPd hacked


From: David Kennedy CISSP <david.kennedy () ACM ORG>
Date: Sat, 4 Nov 2000 16:37:31 -0500

At 04:18 PM 11/3/00 -0500, Jose Nazario wrote:
> i am unable to see anything about the recent problems with string
> format vulnerabilities (but would not be surprised if DU's FTPd was
> vulnerable to this attack), or buffer overflows. these advisories
> are the closest i have turned up:
>
> http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-27.asc
> http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-24.asc
> http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-26.asc
>
> anyone know of any DU4.0D FTPd hacks out there? thanks.

Not being a Tru64 Unix user, I can't confirm or test, but the patch
notice from Compaq that I'll paste below indicates the Tru64 Unix
ftp is based on the Washington University FTP, which you seem to already
know has had some problems.  This is the most recent patch advisory
on their ftp that I have.  Compare the date of this versus the latest
security-related release from wu-ftp.  You might want to use another
ftpd after you rebuild.  (the ftp URL is going to be broken by a
CR/LF):


Date: Wed, 2 Feb 2000 15:30:18 -0700
From: system PRIVILEGED account <root () nfsserver service digital com>
To: dunix-patches () data service digital com
Subject: OSIS50-ANON-FTP-PATCH OSIS V5.0 Anon FTP Patch for Tru64 UNIX V4.0D - V5.0
Sender: owner-dunix-patches () data service digital com
Reply-To: patch-announcements () service digital com

----------------------------------------------------------------------
               DIGITAL Unix Patch(ECO) Announcements
               -------------------------------------
  This message contains the updates on the latest patches posted at
  ftp.service.digital.com.  You're receiving this message as a
  subscriber to the dunix-patches mailing list.

  If you ever want to remove yourself from this mailing list, you can
  send mail to <Majordomo () data service digital com> with the following
  command in the body of your email message:

  unsubscribe dunix-patches (your full email address receiving this mail)
----------------------------------------------------------------------
*******************************************************************************
*                                                                             *
*                     This is a newly released patch...                       *
*                                                                             *
*  Online links can be found at                                               *
*                                                                             *
http://ftp.service.digital.com/patches/public/unix/v4.0d/osis/5.0/osis50-anon-ftp-patch.README
*******************************************************************************


TITLE: OSIS50-ANON-FTP-PATCH OSIS V5.0 Anon FTP Patch for Tru64 UNIX V4.0D - V5.0


Copyright (c) COMPAQ Computer Corporation 2000.  All rights reserved.

PRODUCT:    Open Source Internet Solutions V5.0
SOURCE:     COMPAQ Computer Corporation

ECO INFORMATION:

     ECO Name:  OSIS50-ANON-FTP-PATCH
     ECO Kit Approximate Size:  235520 bytes
     Kit Applies To: Tru64 UNIX V4.0D - V5.0


ECO KIT SUMMARY:

 This patch only applies to the Open Source Internet Solutions V5.0 Washington
 University FTP server subset (IAFWFTP500).

 Symptom

    When you connect to the server using anonymous FTP, no chroot command is
    performed and the default directory is /.

 Installation Instructions

   1.  Download the patch.
   2.  Unpack the downloaded tar file and run the install script as root:

       # tar xf osis50-anon-ftp-patch.tar
       # ./install




[R] UNIX is a registered trademark in the United States and other countries
licensed exclusively through X/Open Company Limited.

Copyright COMPAQ Computer Corporation 2000.  All Rights reserved.

  This software is proprietary to and embodies the confidential technology
  of COMPAQ Computer Corporation.  Possession, use, or copying of this
  software and media is authorized only pursuant to a valid written license
  from COMPAQ or an authorized sublicensor.

       This ECO has not been through an exhaustive field test process.
       Due to the experimental stage of this ECO/workaround, COMPAQ
       makes no representations regarding its use or performance.  The
       customer shall have the sole responsibility for adequate protection
       and back-up data used in conjunction with this ECO/workaround.


--
Regards,

David Kennedy CISSP
Director of Research Services, TruSecure Corp. http://www.trusecure.com
Protect what you connect.
Look both ways before crossing the Net.
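
An added example, not part of the original message or of Compaq's patch notice: a check an administrator can run against their own server for the symptom the advisory describes (anonymous FTP login with no chroot). PWD reports "/" both inside and outside a jail, so the check inspects the listing of "/" instead. The marker names, the threshold and the function names are assumptions chosen for illustration.

```python
from ftplib import FTP, error_perm

# Assumption: entries that a typical wu-ftpd anonymous area (bin, etc, pub,
# dev, lib, usr) does not contain but a real root filesystem usually does.
ROOT_FS_MARKERS = {"sbin", "var", "tmp", "home", "root", "proc", "boot",
                   "opt", "mnt", "vmunix"}


def root_fs_markers(names):
    """Return the sorted entries of a '/' listing that suggest the real root."""
    cleaned = {n.strip().strip("/").lower() for n in names}
    return sorted(cleaned & ROOT_FS_MARKERS)


def looks_unchrooted(names, threshold=2):
    """True when at least `threshold` root-filesystem markers are visible."""
    return len(root_fs_markers(names)) >= threshold


def check_anonymous_chroot(host, timeout=10):
    """Log in anonymously to a server you administer and assess '/'.

    Returns 'anonymous-disabled', 'confined' or 'not-confined'.
    """
    with FTP(host, timeout=timeout) as ftp:
        try:
            ftp.login()          # ftplib defaults to user 'anonymous'
        except error_perm:
            return "anonymous-disabled"
        try:
            names = ftp.nlst("/")
        except error_perm:       # some servers answer 550 for an empty listing
            names = []
    return "not-confined" if looks_unchrooted(names) else "confined"


if __name__ == "__main__":
    # Constructed listings, not captured from a real host.
    jailed = ["bin", "etc", "pub", "dev"]
    exposed = ["bin", "etc", "sbin", "usr", "var", "tmp", "vmunix", "home"]
    print("jailed  ->", looks_unchrooted(jailed))
    print("exposed ->", looks_unchrooted(exposed))
```
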

