Bugtraq mailing list archives
Re: ftpd bug? Was: bin/1805: Bug in ftpd
From: dougw () ncccs cc nc us (Doug Williams)
Date: Wed, 16 Oct 1996 14:22:06 -0400
SunOS 5.5: logon via ftp with your regular user/password, ftp> cd /tmp ftp> user root wrongpasswd ftp> quote pasv voila, root password in world readable core dump under /tmpI was able to create this core file under Solaris 2.4 as well...and if I took the time to create a symbolic link before doing the above procedure, I was able to create files anywhere on the system :(I got the same on Solaris 2.4. Being swamped right now I thought I might create an empty "core" in /tmp and permissions to 000. When doing the ftp exploit it fills/replaces the core file, but leaves the permissions intact. ...Maybe this soft patch will hold for a bit?
*POOOWWWWW* (delusional patch blow) Ummmmm... never mind, I'm a dolt. I was able to surf around until I found another 777 directory and Voila!
Current thread:
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Martin Rex (Oct 15)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Micah Brandon (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Doug Williams (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Doug Williams (Oct 16)
- solaris 2.4 license-manager bug Grant Kaufmann (Oct 16)
- Re: BoS: solaris 2.4 license-manager bug Paul Wickman (Oct 17)
- fix for symlinks in /tmp Andrew Tridgell (Oct 18)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Doug Williams (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd gamble () dxcoms cern ch (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Andrew Dills (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Jonny Llama (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Perry E. Metzger (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Andrew Dills (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Micah Brandon (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Rune Braathen (Oct 16)
- Re: ftpd bug? Was: bin/1805: Bug in ftpd Grant Kaufmann (Oct 16)
- <Possible follow-ups>
- Re: ftpd bug? Was: bin/1805: Bug in ftpd James Poland 6-5251 (Oct 16)