Date: Tue, 10 Dec 1996 08:36:49 -0600 (CST)
From: bugs@freebsd.netcom.com (Mark Hittinger)
To: taob@io.org (Brian Tao)
Cc: freebsd-security@freebsd.org
Subject: Re: URGENT: Packet sniffer found on my system
Message-ID: <199612101436.IAA24062@freebsd.netcom.com>
In-Reply-To: <Pine.BSF.3.95.961210000201.1328A-100000@nap.io.org> from "Brian Tao" at Dec 10, 96 00:15:52 am

> all but six setuid root binaries chmod 500'd. The Web/FTP server does
> not grant shell access. Is there something with Apache 1.1.1 or
> wu-ftpd I don't know about that allows a user to execute arbitrary
> code as root? I noticed lpr still had its setuid bit on the FTP
> server, but afaik, there is no way to tell wu-ftpd to run arbitrary
> programs as root. We are running wu-ftpd 2.4(1).
> Any ideas how root access was available so easily?

The wu-ftpd looks a little old - it probably does not have Hobbit's fixes
in it. You might want to get the beta-11 of wu-ftpd and put that up. The
beta-11 incorporates Hobbit's fixes.

Look at cgiwrap for the cgi's on the apache server, look at hacking ftpd to
chroot. Make sure users can't create .forward or .rhost files in their ftp
directory. Get rid of hosts.equiv - make sure the rlogin/rsh/rcp stuff is
disabled. Look at secure rpcbind from ftp.cert.org.

Good luck.

Regards,

Mark Hittinger
Netcom/Dallas
bugs@freebsd.netcom.com
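
Added example, not part of the original message: a small audit of the legacy trust paths the reply lists (hosts.equiv, enabled rlogin/rsh entries in inetd.conf, existing .rhosts/.forward files, and world-writable directories where one could be created). The function name, the directory layout under ROOT and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Assumed layout under ROOT:
# etc/hosts.equiv, etc/inetd.conf, home/, var/ftp/ (adjust for your system).
audit_legacy_trust() {
    root=${1%/}; findings=0

    # hosts.equiv grants host-wide trust to the r-commands.
    if [ -e "$root/etc/hosts.equiv" ]; then
        echo "FOUND $root/etc/hosts.equiv"; findings=$((findings + 1))
    fi

    # rlogin ("login") or rsh/rcp ("shell") left uncommented in inetd.conf.
    if [ -f "$root/etc/inetd.conf" ]; then
        for svc in $(awk '$1 ~ /^(login|shell)$/ {print $1}' "$root/etc/inetd.conf"); do
            echo "ENABLED inetd service: $svc"; findings=$((findings + 1))
        done
    fi

    for dir in "$root/home" "$root/var/ftp"; do
        [ -d "$dir" ] || continue
        # .rhosts / .forward files that already exist.
        hits=$(find "$dir" \( -name .rhosts -o -name .forward \) -print)
        if [ -n "$hits" ]; then
            echo "$hits" | sed 's/^/FOUND /'
            findings=$((findings + $(echo "$hits" | wc -l)))
        fi
        # World-writable directories, where anyone could create one.
        loose=$(find "$dir" -type d -perm -0002 -print)
        if [ -n "$loose" ]; then
            echo "$loose" | sed 's/^/WRITABLE /'
            findings=$((findings + $(echo "$loose" | wc -l)))
        fi
    done

    echo "findings=$findings"
    [ "$findings" -eq 0 ]   # exit status 0 only when the tree is clean
}

# Constructed demo tree (sample data): one of each problem.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/home/alice" "$demo/var/ftp/incoming"
chmod -R go-w "$demo"; chmod 777 "$demo/var/ftp/incoming"
echo 'trusted.example' > "$demo/etc/hosts.equiv"
echo 'login stream tcp nowait root /usr/libexec/rlogind rlogind' > "$demo/etc/inetd.conf"
: > "$demo/home/alice/.rhosts"; : > "$demo/var/ftp/.forward"
audit_legacy_trust "$demo" || true
rm -rf "$demo"
```

Called with no argument the function audits the live root; pass a chroot path to audit an FTP jail instead.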