Security vulnerability in certain wu-ftpd (and derivatives) configurations (fwd)
From: suid (suid@SUID.EDU)
Date: Sun Dec 19 1999 - 19:53:13 CST
The following paper is available in full from my website; I have chosen
not to post the entire thing here as it is quite long.
http://www.suid.edu/advisories/001.txt
suid
suid.edu - the dangers of ftp conversions on misconfigured systems/ftpd (specifically wu-ftpd)
Summary:
There exists a vulnerability with certain configurations of certain ftp daemons with which users with a valid
ftp-only account on a system may execute arbitrary commands (including binaries supplied by themselves). There
also exists the possibility that anonymous ftp users may execute arbitrary commands (also including binaries
supplied by themselves).
While this vulnerability is entirely configuration dependent, the required configuration is rather common. The
requirements can be found in the example exploit section. Usually such misconfigurations are made only by the
security-handicapped, and the documentation-illiterate. There are voluminous amounts of documentation around which
warn against this kind of configuration; however, it does not touch on this exact problem. Nor does that seem to
prevent people from doing this time after time.
Regards,
suid
suid.edu
This archive was generated by hypermail 2b27 : Mon Dec 20 1999 - 12:38:34 CST