
Re: [cobalt-security] Hacked by SDI linux remote exploit for ProFTP



Hi Paul,

> I could not find a direct e-mail to tell Sun/Cobalt about my hack. 
> Although I have all the security patches in place, including the 'Security:
> proftpd Update 1.0.1' they got in using 'SDI linux remote exploit for
> ProFTP'
>
> I have traced the hack to a Brazilian site which is freely available for
> download.  I can let Cobalt have the address if they do not already know
> it.

It appears that this particular exploit has been around since September 1999. 
The script in question works for ProFTPD 1.2.0. But as far as I understand it,
the vulnerability in question should have been fixed in ProFTPD 1.2.0rc3.

A Cobalt with all patches in place should have proftpd-1.2.2rc1-C2, so I 
wonder how you came to the conclusion that you've been hacked this way?

I'll compile the exploit and will run it against my own machine for a 
look-see, though.

-- 

With best regards,

Michael Stauber
SOLARSPEED.NET