Bugtraq mailing list archives

Re: Aftpd core dump vulnerability


From: Neeko Oni <neeko () haackey com>
Date: Mon, 7 Jan 2002 12:46:02 -0800 (PST)

I, too, came across this vulnerability many months ago and tried to no
avail to locate the author.  I did, however, find what appeared to be
the website of the daemon in question (the URL has been lost).
As to your assumption that the daemon allowed 'regular' (/etc/passwd)
logins, are you sure?  My test site didn't, and the password file grabbed
in the core was -not- the system password file.  The daemon used DES for
the passwords, yet the system used MD5... my test site also gave me the
appearance that it was the system password file, because the administrator
gave -almost all- system users accounts on the aftpd.  That system, too,
was a large hosting company (Canadian?).  If the author is MIA and no point
of contact can be made, I'm not sure if a vendor solution would be viable.
Just thought I would add my input into this situation, but from what I've
seen, only other aftpd user accounts are at risk--hoping, of course, that
people aren't using the same password for everything they touch.  *sigh*

Thanks for your time, hope this helps anyone interested,

.Jeffrey Roberts
        [Neeko]
        01/07/02

