[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] SDI remote ProFTPD exploit

Gossi,

Is this exploit only for users who have a shell account on the target RaQ?  or could it be
channeled through anon FTP at all?

~ Theo

Gossi The Dog wrote:

> If you search around on SecurityFocus.com, and look in the bugtraq
> archives you will find a post from me a few months back about various
> issues with Cobalt RaQ's.  The first two points have now been fixed
> (well,
> patches have been release).  The final note was about the fact that
> ProFTPD pre9 has a security hole.
>
> To cut a long story short, emails were exchanged on this list with Cobalt
> about the issue, Cobalt admitted there was a problem but declared that
> ProFTPD rc1 (the current version at the time) had a problem with
> chmodding, so no patch could be released.
>
> After this point?  Well, not much happened.
>
> If SDI has made an exploit for the problem (wouldn't suprise me), I doubt
> it will work against RaQ's.  However, its still an issue.  Mind you,
> having said this, actually upgrading ProFTPD is a bit of a nightmare at
> the moment due to there being no single, stable version of it available.
>
> Pre10 has a format string bug.  RC1 apparently has a chmod bug.  RC2
> breaks PASV.  CVS probably isn't stable enough for production environment.
>
> On Wed, 27 Sep 2000, Theodore Jones wrote:
>
> > Brian,
> >
> > Thanks.  I'm trying to track it down as well.
> >
> > ~ Theo
> >
> > Brian Foy Jr wrote:
> >
> > > Your right. In the end getting the information out there (and that includes the
> > > actual exploits so we can test our servers) is the only way to help us figure out
> > > how vaunerable we are, and how hard we have to push for a fix.
> > >
> > > I'm off to look up the exploit at:  www.securityfocus.com
> > > They do a pretty good job of documenting this type of thing
> > > and often have sugestions on how to fix it.
> > >
> > > Brian
> > >
> > > Theodore Jones wrote:
> > >
> > > > Well,
> > > >
> > > > If the hackers saw the last messages and indeed are monitoring this list, they
> > > > already know about it I would guess.  I probably could have done a search to
> > > > track this report down, but I'll admit to being slogged with "issues" all day
> > > > and was looking for a lazy alternative....
> > > >
> > > > I appreciate your concern, but the "security by obscurity" issue has been
> > > > thrashed out before in this forum.  I say let the information flow, block the
> > > > holes when we find out about them, and let everyone here know loud and clear....
> > > >
> > > > My humble opinion only,
> > > >
> > > > ~ Theo
> > > >
> > > > Mark Baker - Cobalt Lists wrote:
> > > >
> > > > > Is that a good idea? This list is watched by hackers.
> > > > >
> > > > > Regards,
> > > > >
> > > > > Mark Baker
> > > > > Dark Marketing Ltd
> > > > > http://www.yoursitehere.co.uk
> > > > >
> > > > > Reply e-mail: mark@xxxxxxxxxxxxxxxxxx
> > > > > ----- Original Message -----
> > > > > From: Theodore Jones <theoj@xxxxxxxxxxxxx>
> > > > > To: <cobalt-security@xxxxxxxxxxxxxxx>
> > > > > Sent: Wednesday, September 27, 2000 7:44 PM
> > > > > Subject: Re: [cobalt-security] SDI remote ProFTPD exploit
> > > > >
> > > > > > Can you send out a link to the report on this exploit possibly?
> > > > > >
> > > > > > ~ Theo
> > > > > >
> > > > > > Audric Leperdi wrote:
> > > > > >
> > > > > > > SDI remote ProFTPD exploit (Sept2K)
> > > > > > >
> > > > > > > Does the latest patch fix this exploit now publicly & widely available??
> > > > > > >
> > > > > > > Audric Leperdi
> > > > > > > evolutiva s.r.l. - Via Varallo, 30 - 10153 Torino (TO) - Italy
> > > > > > > Tel. +39.011.8121617 - Fax +39.011.8121614 - http://www.evolutiva.com
> > > > > > > _____________________________________________________________________
> > > > > > >
> > > > > > > Il contenuto di questo messaggio è confidenziale e la lettura o la
> > > > > > > divulgazione non autorizzata dello stesso viola i diritti di privacy del
> > > > > > > mittente e del desinatario.
> > > > > > > Se avete ricevuto questo messaggio per errore siete pregati di
> > > > > distruggerlo
> > > > > > > e di avvertire il mittente.
> > > > > > >
> > > > > > > This message is confidential and unauthorised reading or disclosing of
> > > > > it
> > > > > > > infringes privacy rights of sender and recipent.
> > > > > > > If you are not the intended recipient of this message, please destroy it
> > > > > and
> > > > > > > inform the sender.
> > > > > > > Tel 011 8121617 - Fax 011 8121614
> > > > > > >
> > > > > > > _______________________________________________
> > > > > > > cobalt-security mailing list
> > > > > > > cobalt-security@xxxxxxxxxxxxxxx
> > > > > > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > > > > >
> > > > > > _______________________________________________
> > > > > > cobalt-security mailing list
> > > > > > cobalt-security@xxxxxxxxxxxxxxx
> > > > > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > > > >
> > > > > _______________________________________________
> > > > > cobalt-security mailing list
> > > > > cobalt-security@xxxxxxxxxxxxxxx
> > > > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > > >
> > > > _______________________________________________
> > > > cobalt-security mailing list
> > > > cobalt-security@xxxxxxxxxxxxxxx
> > > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> > >
> > > _______________________________________________
> > > cobalt-security mailing list
> > > cobalt-security@xxxxxxxxxxxxxxx
> > > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
> > _______________________________________________
> > cobalt-security mailing list
> > cobalt-security@xxxxxxxxxxxxxxx
> > http://list.cobalt.com/mailman/listinfo/cobalt-security
> >
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security