Dailydave mailing list archives
FTPD! :>
From: dave <dave () immunityinc com>
Date: Tue, 01 Sep 2009 07:03:52 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I can't really comment on the particulars of the FTPD bug, since it's
likely to be my fault as I probably audited that part of IIS ("Destined
for Ubiquity!") back while working at @stake. I'm sure there's people on
the CANVAS team who can delve into the details of it, but in the
meantime, here are your probable questions:
1. Why is CERT recommending removing anonymous write access. This is
something that is pretty rare, I imagine? Aren't all the boxes
"anonymously" vulnerable to this already used as warez servers since
they have remote writable access turned on? Should CERT put a "duh" at
the end of the alert? :>
2. Where is the actual BUG and can it be reached any other way, say,
through inetinfo?
Ah, all good questions, no good answers.
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkqc/5cACgkQtehAhL0gherb8QCfbazVxKCVEs4tO15cYVUsP09k
my0AnRKhIgIQQ84JBHo7jTxllSgqdWge
=W/MM
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- FTPD! :> dave (Sep 01)
- Re: FTPD! :> Florian Weimer (Sep 02)
- Re: FTPD! :> Shane Macaulay (Sep 07)
- Re: FTPD! :> Florian Weimer (Sep 02)