Date: Tue, 3 Jul 2001 20:01:03 +0400 From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru> To: <freebsd-security@FreeBSD.ORG> Subject: Re: weird messages Message-ID: <02fb01c103d9$5cd60140$0600a8c0@ibmka.internethelp.ru>
next in thread | raw e-mail | index | archive | help
This could be somebody willing to exploit last glob vulnerability in ftpd (SA-01:33) - it exploited very long directory names started with '~' (the same as $HOME in bash). In order for exploit to work attacker must have an ftp account with /etc/pwd.db reacheable . In 3 days after exploit was released, i found 5 such messages in /var/log/messages. Read the advisory, and see if you are vulnerable! NKritsky - SysAdmin InternetHelp.Ru http://www.internethelp.ru e-mail: nkritsky@internethelp.ru -----Original Message----- From: Matthew D. Fuller <fullermd@futuresouth.com> To: Peter Pentchev <roam@orbitel.bg> Cc: Magdalinin Kirill <bsdforumen@hotmail.com>; freebsd-security@FreeBSD.ORG <freebsd-security@FreeBSD.ORG> Date: 3 èþëÿ 2001 ã. 19:47 Subject: Re: weird messages <skip> > >To expand: >It's most likely NOT someone trying to fetch it, it's ftpd trying to find >it. Think uid -> username mappings in 'ls'. > > > >-- >Matthew Fuller (MF4839) | fullermd@over-yonder.net >Unix Systems Administrator | fullermd@futuresouth.com >Specializing in FreeBSD | http://www.over-yonder.net/ > >"The only reason I'm burning my candle at both ends, is because I > haven't figured out how to light the middle yet" > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?02fb01c103d9$5cd60140$0600a8c0>