From: Anton Vladimirov <admin128@mail.ru>
To: Eugene Grosbein <eugen@iname.com>
Cc: security@FreeBSD.ORG
Subject: Re[2]: ftp vulnerability
Message-ID: <941113000.20010411133520@mail.ru>
In-Reply-To: <20010411171843.A78034@svzserv.kemerovo.su>
References: <15739596567.20010411131004@mail.ru> <20010411171843.A78034@svzserv.kemerovo.su>

Hello Eugene,

Wednesday, April 11, 2001, 1:18:43 PM, you wrote:

EG> On Wed, Apr 11, 2001 at 01:10:04PM +0400, Anton Vladimirov wrote:
>> I run FreeBSD 4.0-RELEASE with all security patches applied.
>> Could anyone clearly explain how to fix the recent
>> ftpd hole for this version?

EG> You can use workaround: put a record into /etc/login.conf:

EG> anonftp:\
EG>     :datasize=16M:\
EG>     :stacksize=8M:\
EG>     :memoryuse=16M:\
EG>     :priority=5:\
EG>     :tc=default:

EG> Choose values suitable for you. Then do
EG> cap_mkdb /etc/login.conf
EG> and set login class of user 'ftp' to anonftp.
EG> This will prevent exploiting this hole.

Does this vulnerability concern only anonymous ftp? Can it be
exploited by non-anonymous users?

--
Best regards,
 Anton mailto:admin128@mail.ru

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?941113000.20010411133520>
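
An added example, not part of the message above and not FreeBSD code: a Python check that parses login.conf-style text, follows `tc=` references, and reports which of the three memory limits named in the quoted workaround a login class leaves unset or unlimited. The sample file contents (including the `default` record) and all function names are constructed for illustration.

```python
import re

# Constructed sample: the anonftp record from the message plus a minimal "default" class.
SAMPLE = r"""
default:\
	:cputime=unlimited:\
	:datasize=unlimited:\
	:priority=0:
anonftp:\
	:datasize=16M:\
	:stacksize=8M:\
	:memoryuse=16M:\
	:priority=5:\
	:tc=default:
"""

LIMITS = ("datasize", "stacksize", "memoryuse")

def parse_login_conf(text):
    """Return {class_name: [(capability, value), ...]} in file order."""
    # Drop comments, then join backslash-continued lines into one record each.
    lines = [l for l in text.splitlines() if not l.lstrip().startswith("#")]
    joined = re.sub(r"\\\n\s*", "", "\n".join(lines))
    classes = {}
    for record in filter(None, (r.strip() for r in joined.splitlines())):
        names, *fields = record.split(":")
        caps = [tuple(f.split("=", 1)) if "=" in f else (f, "")
                for f in (f.strip() for f in fields) if f]
        for name in names.split("|"):
            classes[name.strip()] = caps
    return classes

def resolve(classes, name, seen=()):
    """Flatten a class; earlier entries win, tc= pulls in the named class."""
    if name in seen or name not in classes:
        return {}
    out = {}
    for cap, value in classes[name]:
        if cap == "tc":
            for k, v in resolve(classes, value, seen + (name,)).items():
                out.setdefault(k, v)
        else:
            out.setdefault(cap, value)
    return out

def unbounded_limits(text, login_class):
    """Names from LIMITS that the class leaves unset or 'unlimited'."""
    caps = resolve(parse_login_conf(text), login_class)
    return [k for k in LIMITS if caps.get(k, "unlimited") in ("unlimited", "infinity")]
```

Run `unbounded_limits()` on the text of the real file and the login class assigned to the account in question; an empty list means all three limits resolve to finite values.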