Bugtraq mailing list archives
Re: WU-ftpd Upload Ownership/Permissions Bug
From: andrewr () alpha1 excell net (Juan Valdez)
Date: Tue, 24 Jun 1997 23:13:34 -0400
After reading the original WU-ftpd post by Michael Brennen, then reading this one, I thank him greatly for making sure that we all were informed about this error on his behalf. While I don't make advisory posts here, I do feel we all could learn from this: to take a look at what we have noted as a hole, and then recheck it to make sure there are no mistakes. Just some thoughts in the back of my head.

andrewr

Michael Brennen wrote:
After looking further into the wu-ftpd bug I reported last week, I realized that many sites may not be vulnerable to the bug that I reported. In retrospect I realized that I had recently added the /./ to the end of the anonymous ftp path in /etc/passwd while rearranging the ftp user. I certainly had no idea that it would break the upload directive code and found it quite by accident. The code does not expect /./ at the end of the anonymous ftp path and does not behave correctly if it exists.

The argument could be made that the /./ should never [need to] be on the anonymous ftp path since it is always chrooted. Given the unexpected consequences of placing it there, and that adding the patch does not alter functionality if /./ is not there, I would argue that the source change should be made in the eventuality that someone puts /./ on their anon ftp path. Anonymous is a chrooted account, and it would be easy to think you needed the /./. If /./ is added, it unexpectedly changes the behaviour of the daemon for the worse. That hole should be closed.

A better patch against the original source is below; reverse the first before applying this one.

-- Michael