Bugtraq mailing list archives
gftp
From: viggen () ENTERPRISE SHV HB SE (Oscar Haeger)
Date: Sun, 5 Sep 1999 11:29:15 +0200
Hello. In gFTP1.13, an FTP-client that ships with RH6.0 the password is displayed in plain text in the log window and is also saved in plain text if you choose to save a logfile. Granted this is not a really big deal but if you save your download-files (and logfile) on a public area you would be giving away your password. I have spoken with the author and he has some new versions out which he recommends that you get and install. http://gftp.seol.org/ Latest version is 2.0.4 but this particular bug was fixed in 2.0.0. The reason why I send this to bugtraq is that this ftp-client is (one of) the default ftp-clients in RH6.0 and if you don't know about it then perhaps you won't go through the trouble of an upgrade. //Oscar
Current thread:
- Root shell vixie cron exploit Michal Zalewski (Jul 05)
- Re: Root shell vixie cron exploit Seva Gluschenko (Sep 01)
- Re: Root shell vixie cron exploit Michal Zalewski (Sep 01)
- Re: Root shell vixie cron exploit John Kennedy (Sep 03)
- Re: Root shell vixie cron exploit Peter Wemm (Sep 07)
- Re: Root shell vixie cron exploit Raymond Dijkxhoorn (Sep 07)
- Re: Root shell vixie cron exploit Christos Zoulas (Sep 03)
- [security-officer () FreeBSD ORG: FreeBSD-SA-99:01: BSD File Flags and Programming Techniques] Patrick Oonk (Sep 03)
- Re: Root shell vixie cron exploit Valentin Nechayev (Sep 04)
- gftp Oscar Haeger (Sep 05)
- Re: gftp - ms ftp debug mode Bencsath Boldizsar (Sep 08)
- fixing all buffer overflows --- random magin numbers Dr. Joel M. Hoffman (Sep 11)
- Re: fixing all buffer overflows --- random magin numbers Peter van Dijk (Sep 12)
- Re: fixing all buffer overflows --- random magin numbers Eric Hutchinson (Sep 12)
- Re: fixing all buffer overflows --- random magin numbers Daniel W. Dulitz x108 (Sep 13)
- Enterprise Overflow Daniel Kerr (Sep 11)
- Re: gftp - ms ftp debug mode Valentin (Sep 12)
- Re: gftp - ms ftp debug mode Max Vision (Sep 12)
- Linux 2.2.12 mini-audit Solar Designer (Sep 13)
- Vulnerability in dtaction Job de Haas (Sep 13)
- Re: Root shell vixie cron exploit Seva Gluschenko (Sep 01)