Date: Tue, 10 Dec 1996 10:14:38 -0600 (CST)
From: igor@alecto.physics.uiuc.edu (Igor Roshchin)
To: bugs@freebsd.netcom.com (Mark Hittinger)
Cc: taob@io.org, freebsd-security@freebsd.org
Subject: Re: URGENT: Packet sniffer found on my system
Message-ID: <199612101614.KAA21524@alecto.physics.uiuc.edu>
In-Reply-To: <199612101436.IAA24062@freebsd.netcom.com> from "Mark Hittinger" at Dec 10, 96 08:36:49 am
> >
> > all but six setuid root binaries chmod 500'd. The Web/FTP server does
> > not grant shell access. Is there something with Apache 1.1.1 or
> > wu-ftpd I don't know about that allows a user to execute arbitrary
> > code as root? I noticed lpr still had its setuid bit on the FTP
> > server, but afaik, there is no way to tell wu-ftpd to run arbitrary
> > programs as root. We are running wu-ftpd 2.4(1).
> > Any ideas how root access was available so easily?
>
> The wu-ftpd looks a little old - it probably does not have Hobbit's fixes
> in it. You might want to get the beta-11 of wu-ftpd and put that up. The
> beta-11 incorporates Hobbit's fixes.
>
> Mark Hittinger
> Netcom/Dallas
> bugs@freebsd.netcom.com
>

What are those Hobbit's fixes?
Where can one get those?
Why are they not incorporated in ports?

thanks.

IgoR
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612101614.KAA21524>