[Dailydave] FTPD! :>

From: dave (daveimmunityinc.com)
Date: Tue Sep 01 2009 - 06:03:52 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I can't really comment on the particulars of the FTPD bug, since it's
likely to be my fault as I probably audited that part of IIS ("Destined
for Ubiquity!") back while working at @stake. I'm sure there's people on
the CANVAS team who can delve into the details of it, but in the
meantime, here are your probable questions:

1. Why is CERT recommending removing anonymous write access? This is
something that is pretty rare, I imagine? Aren't all the boxes
"anonymously" vulnerable to this already used as warez servers since
they have remote writable access turned on? Should CERT put a "duh" at
the end of the alert? :>
2. Where is the actual BUG and can it be reached any other way, say,
through inetinfo?

Ah, all good questions, no good answers.
- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkqc/5cACgkQtehAhL0gherb8QCfbazVxKCVEs4tO15cYVUsP09k
my0AnRKhIgIQQ84JBHo7jTxllSgqdWge
=W/MM
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave