Bugtraq mailing list archives
Re: Aftpd core dump vulnerability
From: Neeko Oni <neeko () haackey com>
Date: Mon, 7 Jan 2002 12:46:02 -0800 (PST)
I, too, came across this vulnerability many months ago and tried to no avail to locate the author. I did, however, find what appeared to be the website of the daemon in question (the URL has been lost). As to your assumption that the daemon allowed 'regular' (/etc/passwd) logins, are you sure? My test site didn't, and the password file grabbed in the core was -not- the system password file. The daemon used DES for the passwords, yet the system used MD5... my test site also gave me the appearance that it was the system password file, because the administrator gave -almost all- system users accounts on the aftpd. That system, too, was a large hosting company (Canadian?). If the author is MIA and no point of contact can be made, I'm not sure if a vendor solution would be viable. Just thought I would add my input into this situation, but from what I've seen, only other aftpd user accounts are at risk--hoping, of course, that people aren't using the same password for everything they touch. *sigh* Thanks for your time, hope this helps anyone interested, .Jeffrey Roberts [Neeko] 01/07/02
Current thread:
- Aftpd core dump vulnerability Nu Omega Tau (Jan 07)
- Re: Aftpd core dump vulnerability Neeko Oni (Jan 08)
- <Possible follow-ups>
- Re: Aftpd core dump vulnerability Nu Omega Tau (Jan 08)