Date:      Mon, 7 Jun 1999 19:04:09 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Igor Roshchin <igor@physics.uiuc.edu>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Q.: any new ftp vulnerabilities ?
Message-ID:  <199906080204.TAA31422@apollo.backplane.com>
References:   <199906061755.MAA03136@alecto.physics.uiuc.edu>

:Hello!
:
:I have observed a few occasions when some people were establishing 
:multiple connections to the ftp server within the last week (there is no
:anonymous access, so it should not be "by mistake").
:Usually, the logs do not indicate any attempt of login, even
:as anonymous. The frequency of connects (reported by tcpwrapper) is not too 
:high, but probably indicated that those are launched by a script
:(about 25-35 connections within 2-5 minutes).
:
:I haven't seen any new security hole or DOS vulnerability in any ftpd recently
:(except the one found in February or so, regarding the realpath,
:and some similar issues, but that hole would not require multiple
:connects), so I wonder if anybody has observed anything similar,
:and if anybody knows of any new vulnerability ?
:
:IgoR
:
:PS. The machine is running 2.2.7 and wu-ftpd-2.4.2v17.

    There was a login overflow root exploit w/ anonymous FTP but I think
    it was fixed in v16.  However, since I left BEST I haven't been keeping up
    with wu-ftpd bugs so I do not know if any new problems have occurred.  I
    do seem to recall that the *new* version of wu-ftpd ( 3.x or something
    like that ) introduced a bunch of new exploitable holes which they then
    scrambled to close.  Doh!  There was also a recent hole found on Linux 
    boxes due to the implementation of a directory pathing routine in libc,
    but FreeBSD's version of the routine is not vulnerable. 

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>

