[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] Hacked by SDI linux remote exploit for ProFTP
- Subject: Re: [cobalt-security] Hacked by SDI linux remote exploit for ProFTP
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sat, 29 Sep 2001 17:30:12 +0200
- Organization: Stauber Multimedia Design
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Paul,
> I could not find a direct e-mail to tell Sun/Cobalt about my hack.
> Although I have all the security patches in place, including the 'Security:
> proftpd Update 1.0.1' they got in using 'SDI linux remote exploit for
> ProFTP'
>
> I have traced the hack to a Brazilian site which is freely available for
> download. I can let Cobalt have the address if they do not already know
> it.
It appears that this particular exploit has been around since September 1999.
The script in question works for ProFTPd 1.2.0. But as far as I understand it
the vulnerability in question should have been fixed in ProFTPD 1.2.0rc3.
A Cobalt with all patches in place should have proftpd-1.2.2rc1-C2, so I
wonder how you came to the conclusion that you've been hacked this way?
I'll compile the exploit and will run it against my own machine for a
look-see, though.
--
With best regards,
Michael Stauber
SOLARSPEED.NET