[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE:[cobalt-security] Hacked by SDI linux remote exploit for ProFTP
- Subject: RE:[cobalt-security] Hacked by SDI linux remote exploit for ProFTP
- From: Azi Azi <azi@xxxxxxx>
- Date: Sat, 29 Sep 2001 04:34:20 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>Just out of curiosity, don't you need to be running
>anonymous ftp for this exploit to work? I just checked
>Security Focus and it says "SDI anonymous remote
>exploit for proftpd". From what I can gather, it says
>they first need "permission to download a file (like
>welcome.msg or README)." Not that this isn't a serious
>issue, but if anonymous FTP isn't turned on, I don't
>think it would be so easy to exploit (unless of course
>a user decides to try). Please correct me if I'm
>wrong.
>
>http://www.securityfocus.com/cgi-bin/archive.pl?>id=1&mid=27450
Well by looking at the script in question ......
/*
* SDI linux remote exploit for ProFTPDpre[1,2,3]
* Sekure SDI - Brazilian Information Security Team
* by c0nd0r <condor@xxxxxxxxxx> - Sep/99 (tudo na paz!)
*
* Exploit for the ProFTPD log_xfer() buffer overflow -- it will spawn a
* shell owned by root.
*
* HOWTO: unlikely the other recent FTP vulnerability, this one doesn't
* need a writeable directory. You just got to have permission to
* download a file (like welcome.msg or README). Don't forget to install
* our favorite network tool -- NetCat.
*
This would confirm your comments ....
Azi ..
_____________________________________________________________
Supplying Your Everyday Needs ---> http://www.t35.com