Bugtraq mailing list archives
Re: wu-ftpd 2.4.2-beta-13 default UMASK hole
From: staikos () 0WNED ORG (George Staikos)
Date: Wed, 11 Jun 1997 17:13:32 -0400
On Wed, 11 Jun 1997, Roy M. Hooper wrote:
The default umask for wu-ftpd 2.4.2-beta-13 is 002. Since most users on most sites are in the same group, all files created by users PUTting files would be group writeable by anyone. Not a good thing.
I contacted academ software regarding this issue on or about March 13 this year. The problem was present in beta-12 and beta-13 (perhaps earlier releases too). There should hopefully be a patch in beta-14. I have pasted the request number below... -----8<------ [ACADEM-SW-SUPPORT #257] UMASK in wu-ftpd-2.4.2-beta-12 has been received and assigned a request number of 257. -----8<----- George
Current thread:
- wu-ftpd 2.4.2-beta-13 default UMASK hole Roy M. Hooper (Jun 11)
- wu-ftpd 2.4.2-beta-13 default UMASK hole Steve VanDevender (Jun 11)
- Re: wu-ftpd 2.4.2-beta-13 default UMASK hole George Staikos (Jun 11)
- Denial of service (qmail-smtpd) Frank DENIS -Jedi/Sector One- (Jun 11)
- qmail-dos-2.c, another denial of service attack Frank DENIS -Jedi/Sector One- (Jun 11)
- DNS abuse Jordi Murgo (Jun 11)
- Solaris x86 buffer overflows jim bresler (Jun 12)
- CERT Advisory CA-97.18 - Vulnerability in the at(1) program Aleph One (Jun 12)
- Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Rick Byers (Jun 12)
- Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program The Nolander (Jun 12)
- Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Thomas Koenig (Jun 14)
- Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Adam Morrison (Jun 15)
- Netscape Exploit root (Jun 14)
- Re: CERT Advisory CA-97.18 - Vulnerability in the at(1) program Rick Byers (Jun 12)