Dailydave mailing list archives
FTPD! :>
From: dave <dave () immunityinc com>
Date: Tue, 01 Sep 2009 07:03:52 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I can't really comment on the particulars of the FTPD bug, since it's likely to be my fault as I probably audited that part of IIS ("Destined for Ubiquity!") back while working at @stake. I'm sure there's people on the CANVAS team who can delve into the details of it, but in the meantime, here are your probable questions: 1. Why is CERT recommending removing anonymous write access. This is something that is pretty rare, I imagine? Aren't all the boxes "anonymously" vulnerable to this already used as warez servers since they have remote writable access turned on? Should CERT put a "duh" at the end of the alert? :> 2. Where is the actual BUG and can it be reached any other way, say, through inetinfo? Ah, all good questions, no good answers. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkqc/5cACgkQtehAhL0gherb8QCfbazVxKCVEs4tO15cYVUsP09k my0AnRKhIgIQQ84JBHo7jTxllSgqdWge =W/MM -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- FTPD! :> dave (Sep 01)
- Re: FTPD! :> Florian Weimer (Sep 02)
- Re: FTPD! :> Shane Macaulay (Sep 07)
- Re: FTPD! :> Florian Weimer (Sep 02)