Security Incidents mailing list archives
Re: DU4.0D FTPd hacked
From: David Kennedy CISSP <david.kennedy () ACM ORG>
Date: Sat, 4 Nov 2000 16:37:31 -0500
-----BEGIN PGP SIGNED MESSAGE----- At 04:18 PM 11/3/00 -0500, Jose Nazario wrote:
i am unable to see anything about the recent problems with string format vulnerabilities (but would not be surprised if DU's FTPd was vulnerable to this attack), or buffer overflows. these advisories are the closest i have turned up: http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-27.asc http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-24.asc http://packetstorm.securify.com/advisories/cert-nl/1998/S-98-26.asc anyone know of any DU4.0D FTPd hacks out there? thanks.
Not being a Tru64 Unix user, I can't confirm or test, but the patch notice from Compaq that I'll paste below indicates the Tr64 Unix is ftp based on the Washinton University FTP, which you seem to already know has had some problems. This is the most recent patch advisory on their ftp that I have. Compare the date of this versus the latest security-related release from wu-ftp. You might want to use another ftpd after you rebuild. (the ftp URL is going to be broken by a CR/LF): Date: Wed, 2 Feb 2000 15:30:18 -0700 From: system PRIVILEGED account <root () nfsserver service digital com> To: dunix-patches () data service digital com Subject: OSIS50-ANON-FTP-PATCH OSIS V5.0 Anon FTP Patch for Tru64 UNIX V4.0D - V5.0 Sender: owner-dunix-patches () data service digital com Reply-To: patch-announcements () service digital com - ---------------------------------------------------------------------- DIGITAL Unix Patch(ECO) Announcements ------------------------------------- This message contains the updates on the latest patches posted at ftp.service.digital.com. You're receiving this message as a subscriber to the dunix-patches mailing list. If you ever want to remove yourself from this mailing list, you can send mail to <Majordomo () data service digital com> with the following command in the body of your email message: unsubscribe dunix-patches (your full email address receiving this mail) - ---------------------------------------------------------------------- ********************************************************************** ********* * * * This is a newly released patch... * * * * Online links can be found at * * http://ftp.service.digital.com/patches/public/unix/v4.0d/osis/5.0/osis 50-anon-ftp-patch.README ********************************************************************** ********* TITLE: OSIS50-ANON-FTP-PATCH OSIS V5.0 Anon FTP Patch for Tru64 UNIX V4.0D - V5.0 Copyright (c) COMPAQ Computer Corporation 2000. All rights reserved. PRODUCT: Open Source Internet Solutions V5.0 SOURCE: COMPAQ Computer Corporation ECO INFORMATION: ECO Name: OSIS50-ANON-FTP-PATCH ECO Kit Approximate Size: 235520 bytes Kit Applies To: Tru64 UNIX V4.0D - V5.0 ECO KIT SUMMARY: This patch only applies to the Open Source Internet Solutions V5.0 Washington University FTP server subset (IAFWFTP500). Symptom When you connect to the server using anonymous FTP, no chroot command is performed and the default directory is /. Installation Instructions 1. Download the patch. 2. Unpack the downloaded tar file and run the install script as root: # tar xf osis50-anon-ftp-patch.tar # ./install [R] UNIX is a registered trademark in the United States and other countries licensed exclusively through X/Open Company Limited. Copyright COMPAQ Computer Corporation 2000. All Rights reserved. This software is proprietary to and embodies the confidential technology of COMPAQ Computer Corporation. Possession, use, or copying of this software and media is authorized only pursuant to a valid written license from COMPAQ or an authorized sublicensor. This ECO has not been through an exhaustive field test process. Due to the experimental stage of this ECO/workaround, COMPAQ makes no representations regarding its use or performance. The customer shall have the sole responsibility for adequate protection and back-up data used in conjunction with this ECO/workaround. -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 Comment: How long has it been since you backed up your hard drive? iQCVAwUBOgSA3vGfiIQsciJtAQGj9gP/edcmHk3r16A2weCe43xm/1ThkWF+0XMy lIH2YjYXMwG2TT7jyw57pCzkNgXbVzWjHxPTAG4ANZ3yvIBSXjQMB05JcMmKeRUE bRdgWk2ryhIXIX0s1L13iycld60zw8RLXDF5gRUi3m2IyX4oKofDLoi+nTA60dLD zPXf6pka7ZE= =nf3A -----END PGP SIGNATURE----- -- Regards, David Kennedy CISSP Director of Research Services, TruSecure Corp. http://www.trusecure.com Protect what you connect. Look both ways before crossing the Net.
Current thread:
- DU4.0D FTPd hacked Jose Nazario (Nov 05)
- <Possible follow-ups>
- Re: DU4.0D FTPd hacked David Kennedy CISSP (Nov 06)