
Re: [cobalt-security] SDI remote ProFTPD exploit



If you search around on SecurityFocus.com, and look in the bugtraq
archives you will find a post from me a few months back about various
issues with Cobalt RaQ's.  The first two points have now been fixed
(well, patches have been released).  The final note was about the fact
that ProFTPD pre9 has a security hole.

To cut a long story short, emails were exchanged on this list with Cobalt
about the issue, Cobalt admitted there was a problem but declared that
ProFTPD rc1 (the current version at the time) had a problem with
chmodding, so no patch could be released.

After this point?  Well, not much happened.

If SDI has made an exploit for the problem (wouldn't surprise me), I doubt
it will work against RaQ's.  However, it's still an issue.  Mind you,
having said this, actually upgrading ProFTPD is a bit of a nightmare at
the moment due to there being no single, stable version of it available.

Pre10 has a format string bug.  RC1 apparently has a chmod bug.  RC2
breaks PASV.  CVS probably isn't stable enough for a production environment.



On Wed, 27 Sep 2000, Theodore Jones wrote:

> Brian,
> 
> Thanks.  I'm trying to track it down as well.
> 
> ~ Theo
> 
> Brian Foy Jr wrote:
> 
> > You're right. In the end getting the information out there (and that includes the
> > actual exploits so we can test our servers) is the only way to help us figure out
> > how vulnerable we are, and how hard we have to push for a fix.
> >
> > I'm off to look up the exploit at:  www.securityfocus.com
> > They do a pretty good job of documenting this type of thing
> > and often have suggestions on how to fix it.
> >
> > Brian
> >
> > Theodore Jones wrote:
> >
> > > Well,
> > >
> > > If the hackers saw the last messages and indeed are monitoring this list, they
> > > already know about it I would guess.  I probably could have done a search to
> > > track this report down, but I'll admit to being slogged with "issues" all day
> > > and was looking for a lazy alternative....
> > >
> > > I appreciate your concern, but the "security by obscurity" issue has been
> > > thrashed out before in this forum.  I say let the information flow, block the
> > > holes when we find out about them, and let everyone here know loud and clear....
> > >
> > > My humble opinion only,
> > >
> > > ~ Theo
> > >
> > > Mark Baker - Cobalt Lists wrote:
> > >
> > > > Is that a good idea? This list is watched by hackers.
> > > >
> > > > Regards,
> > > >
> > > > Mark Baker
> > > > Dark Marketing Ltd
> > > > http://www.yoursitehere.co.uk
> > > >
> > > > Reply e-mail: mark@xxxxxxxxxxxxxxxxxx
> > > > ----- Original Message -----
> > > > From: Theodore Jones <theoj@xxxxxxxxxxxxx>
> > > > To: <cobalt-security@xxxxxxxxxxxxxxx>
> > > > Sent: Wednesday, September 27, 2000 7:44 PM
> > > > Subject: Re: [cobalt-security] SDI remote ProFTPD exploit
> > > >
> > > > > Can you send out a link to the report on this exploit possibly?
> > > > >
> > > > > ~ Theo
> > > > >
> > > > > Audric Leperdi wrote:
> > > > >
> > > > > > SDI remote ProFTPD exploit (Sept2K)
> > > > > >
> > > > > > Does the latest patch fix this exploit now publicly & widely available??
> > > > > >
> > > > > > Audric Leperdi
> > > > > > evolutiva s.r.l. - Via Varallo, 30 - 10153 Torino (TO) - Italy
> > > > > > Tel. +39.011.8121617 - Fax +39.011.8121614 - http://www.evolutiva.com
> > > > > > _____________________________________________________________________
> > > > > >
> > > > > > > This message is confidential and unauthorised reading or disclosing of it
> > > > > > > infringes privacy rights of sender and recipient.
> > > > > > > If you are not the intended recipient of this message, please destroy it and
> > > > > > > inform the sender.
> > > > > > Tel 011 8121617 - Fax 011 8121614
> > > > > >
> > > > > > _______________________________________________
> > > > > > cobalt-security mailing list
> > > > > > cobalt-security@xxxxxxxxxxxxxxx
> > > > > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > > > >
> > > > > _______________________________________________
> > > > > cobalt-security mailing list
> > > > > cobalt-security@xxxxxxxxxxxxxxx
> > > > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > > >
> > > > _______________________________________________
> > > > cobalt-security mailing list
> > > > cobalt-security@xxxxxxxxxxxxxxx
> > > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > >
> > > _______________________________________________
> > > cobalt-security mailing list
> > > cobalt-security@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> 
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>