Bugtraq mailing list archives
Re: Serv-U FTP Exploit?
From: kevlar () SMARTLINK NET (Kevlar)
Date: Thu, 30 Apr 1998 12:21:37 -0700
One of the orinigal versions had just such an expliot. But that was fixed a long time ago, when the serv-u program was pretty new. The newest release is secure as far as I can tell. At 05:31 PM 4/29/98 -0500, Chris Kline wrote:
I've heard a few rumors about an exploit found in Serv-U FTP that supposedly compromised all security and gave you full access to the servers hard drive, including execution permissions. Because of this I've been warned not to use it, but no matter how much I search for an exploit, I can't seem to find it. So can anyone confirm this exploit and show how it's done and what to do to protect against it?
-Kevlar <Kevlar () smartlink net> My motto: Be good, Or be good at it. Oh, I'm sorry... Was I not suposed to EXPORT STRONG CRYPTO? print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<> )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"| dc` Beat your algorithms into swords and your virtual machines into spears... Let the weak say, "I am strong".
Current thread:
- Re: Serv-U FTP Exploit? Kevlar (Apr 30)