From: igor@alecto.physics.uiuc.edu (Igor Roshchin)
Message-Id: <199612101614.KAA21524@alecto.physics.uiuc.edu>
Subject: Re: URGENT: Packet sniffer found on my system
To: bugs@freebsd.netcom.com (Mark Hittinger)
Date: Tue, 10 Dec 1996 10:14:38 -0600 (CST)
Cc: taob@io.org, freebsd-security@freebsd.org
In-Reply-To: <199612101436.IAA24062@freebsd.netcom.com> from "Mark Hittinger" at Dec 10, 96 08:36:49 am

> > all but six setuid root binaries chmod 500'd. The Web/FTP server does
> > not grant shell access. Is there something with Apache 1.1.1 or
> > wu-ftpd I don't know about that allows a user to execute arbitrary
> > code as root? I noticed lpr still had its setuid bit on the FTP
> > server, but afaik, there is no way to tell wu-ftpd to run arbitrary
> > programs as root. We are running wu-ftpd 2.4(1).
> >
> > Any ideas how root access was available so easily?
>
> The wu-ftpd looks a little old - it probably does not have Hobbit's fixes
> in it. You might want to get the beta-11 of wu-ftpd and put that up. The
> beta-11 incorporates Hobbit's fixes.
>
> Mark Hittinger
> Netcom/Dallas
> bugs@freebsd.netcom.com

What are those Hobbit's fixes? Where can one get those?
Why are they not incorporated in ports?

Thanks.

IgoR
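An added check, not from this thread or any of its authors: a small sh script that lists setuid files under a tree and flags any that are not on an allowlist, the kind of audit that would have caught the lpr binary the quoted poster says was overlooked. The function names and the KEEP_SETUID list are constructed for this example.

```sh
#!/bin/sh
# Added example, not part of the thread: audit setuid files under a tree and
# report any that are not on the short list an administrator chose to keep.
# KEEP_SETUID is a constructed allowlist; replace it with the binaries you kept.
KEEP_SETUID='/usr/bin/passwd
/usr/bin/su
/usr/bin/login'

# find_setuid DIR [OWNER]: sorted list of regular files under DIR with the
# setuid bit set, optionally restricted to files owned by OWNER (e.g. root).
find_setuid() {
    if [ -n "${2:-}" ]; then
        find "$1" -xdev -type f -user "$2" -perm -4000 2>/dev/null | LC_ALL=C sort
    else
        find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
    fi
}

# unexpected_setuid FOUND KEEP: print each path in FOUND (newline-separated)
# that is absent from KEEP (newline-separated); prints nothing if all are kept.
unexpected_setuid() {
    keep_file=$(mktemp) || return 1
    printf '%s\n' "$2" > "$keep_file"
    # First pass reads the allowlist into a set, second pass filters stdin.
    printf '%s\n' "$1" |
        awk -v kf="$keep_file" 'FILENAME == kf { keep[$0]; next }
                                $0 != "" && !($0 in keep)' "$keep_file" -
    rm -f "$keep_file"
}

# Run against the live system (root is needed to descend into every directory):
#   unexpected_setuid "$(find_setuid / root)" "$KEEP_SETUID"
```

An empty result means every setuid file found is on the list; anything printed is a binary whose setuid bit was missed or has reappeared since the cleanup.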