From: "Nickolay A. Kritsky"
Subject: Re: weird messages
Date: Tue, 3 Jul 2001 20:01:03 +0400
Message-ID: <02fb01c103d9$5cd60140$0600a8c0@ibmka.internethelp.ru>
Sender: owner-freebsd-security@FreeBSD.ORG

This could be somebody willing to exploit the last glob vulnerability in ftpd (SA-01:33) - it exploited very long directory names starting with '~' (the same as $HOME in bash). In order for the exploit to work, the attacker must have an ftp account with /etc/pwd.db reachable. In 3 days after the exploit was released, I found 5 such messages in /var/log/messages. Read the advisory, and see if you are vulnerable!

NKritsky - SysAdmin InternetHelp.Ru
http://www.internethelp.ru
e-mail: nkritsky@internethelp.ru

-----Original Message-----
From: Matthew D. Fuller
To: Peter Pentchev
Cc: Magdalinin Kirill ; freebsd-security@FreeBSD.ORG
Date: 3 July 2001, 19:47
Subject: Re: weird messages

>
>To expand:
>It's most likely NOT someone trying to fetch it, it's ftpd trying to find
>it. Think uid -> username mappings in 'ls'.
>
>
>
>--
>Matthew Fuller (MF4839) | fullermd@over-yonder.net
>Unix Systems Administrator | fullermd@futuresouth.com
>Specializing in FreeBSD | http://www.over-yonder.net/
>
>"The only reason I'm burning my candle at both ends, is because I
> haven't figured out how to light the middle yet"
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message