
Re: [cobalt-security] ProFTPD Bug - may lead to a security issue



So they didn't actually crack into the box, but they forked the box: a DoS.
Anyone can fill up the hard drive and logs with useless crap; it doesn't mean a buffer overrun occurred.
An anonymous user can create several directories and keep doing it continuously, but just don't allow anonymous users, only trusted locals, and you don't need to worry as much about ftpd.
I'll keep an eye out for exploit code for this ProFTPD version in the future, but an overrun is not going to exploit this (that's what all those 'fun' logs are), and because stack exec is disabled a large amount of exploits written don't affect the RaQs at ALL. And again there is NO exploit for this ProFTPD and there may NEVER be an exploit written for this version of ProFTPD on the RaQs, and I think you should do a little more research into computer security before crapping your pants next time and blocking your ftpd, foo.


Barbara wrote:
Jeff, this is true, however if there was an
exploitable buffer overrun code similar to
wuftpd versions it would not affect the RaQs
anyway since they come with stack execution
disabled, which protects it from exploit code
overruns/overflows, thus eliminating the need
to scramble to patch the RaQs.

WRONG!!! I personally can vouch that this *IS* a
threat to RaQs (3 & 4) because we just had a local user
try and use it against us just yesterday... They
didn't succeed in hacking into the box (as far as we
can tell), but they DID manage to bring it down... All
our RaQs are fully patched and up to date (and then
some).. But afterwards, we found our logs FULL of
buffer overruns and kernel calls (traces) and all
kinds of other fun stuff from their attempt...
Eventually the system had so many open files it just
started rejecting everything and eventually crashed.
Make no mistake - THIS IS A VALID THREAT TO RAQS and
needs plugging ASAP!! We have since disabled FTP on all
our systems until a patch is released. Let's not be
fooled with a false sense of security regarding this
one..



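The mitigation Jeff describes above (refuse anonymous logins, and only let trusted local accounts in) written out as a proftpd.conf fragment. This is an added example, not part of the original thread and not a fix for the ProFTPD bug itself: it only removes the anonymous path the directory-creation flood uses and caps how much a single flood can consume. The directive names are standard ProFTPD directives; the path /home/ftp, the user and group names, and the numeric limits are illustrative assumptions to be adapted to the host.

```apacheconf
# --- Weak setting (assumed typical default): anonymous users may log in
# --- and, with no <Limit> block, may issue MKD as often as they like.
<Anonymous /home/ftp>
  User       ftp
  Group      ftp
  UserAlias  anonymous ftp
</Anonymous>

# --- Hardened setting: no anonymous logins at all, only real local
# --- accounts, each jailed to its home directory.  If the service has
# --- to stay up at all, this is the change Jeff recommends.
ServerName        "Local users only"
DefaultRoot       ~
RequireValidShell on
MaxInstances      30        # cap total server processes (assumed value)
MaxClients        10 "Too many connections, try again later"

<Anonymous /home/ftp>
  User       ftp
  Group      ftp
  UserAlias  anonymous ftp
  # Reject the anonymous login outright rather than trusting a
  # per-command limit; the block is kept only so an attempt is logged.
  <Limit LOGIN>
    DenyAll
  </Limit>
</Anonymous>

# --- If an anonymous area genuinely must be kept, at minimum deny the
# --- commands that create or change files so MKD floods fail at the
# --- command level instead of at the filesystem.
#<Anonymous /home/ftp>
#  User       ftp
#  Group      ftp
#  UserAlias  anonymous ftp
#  MaxClients 5 "Anonymous limit reached"
#  <Limit WRITE MKD RMD RNFR RNTO DELE>
#    DenyAll
#  </Limit>
#</Anonymous>
```

After changing the file, restart proftpd and confirm with an anonymous login attempt that the server answers with a login refusal (or, for the commented-out variant, that MKD is refused) before re-enabling the service; the two hardened blocks above are alternatives, not meant to be active together.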
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security