[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Hacked by SDI linux remote exploit for ProFTP
- Subject: Re: [cobalt-security] Hacked by SDI linux remote exploit for ProFTP
- From: "Paul Harvey" <paul@xxxxxxxxxxxxx>
- Date: Sat, 29 Sep 2001 15:09:53 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Anonymous was not turned on. So I am not sure how they got in. We suspect
they used a network sniffer to grab the usernames and passwords and then
installed the exploit.
Paul
----- Original Message -----
From: "Barbara -" <thebizworkers@xxxxxxxxx>
To: <cobalt-security@xxxxxxxxxxxxxxx>
Sent: Saturday, September 29, 2001 12:04 PM
Subject: [cobalt-security] Hacked by SDI linux remote exploit for ProFTP
> >Although I have all the security patches in place,
> >including the 'Security: proftpd Update 1.0.1'
> >they got in using 'SDI linux remote exploit
> >for ProFTP'
>
> Just out of curiosity, don't you need to be running
> anonymous ftp for this exploit to work? I just checked
> Security Focus and it says "SDI anonymous remote
> exploit for proftpd". From what I can gather, it says
> they first need "permission to download a file (like
> welcome.msg or README)." Not that this isn't a serious
> issue, but if anonymous FTP isn't turned on, I don't
> think it would be so easy to exploit (unless of course
> a user decides to try). Please correct me if I'm
> wrong.
>
> http://www.securityfocus.com/cgi-bin/archive.pl?id=1&mid=27450
>
> Barbara
>
> __________________________________________________
> Do You Yahoo!?
> Listen to your Yahoo! Mail messages from any phone.
> http://phone.yahoo.com
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
>