From: Shane Macaulay (shane security-objectives.com)
Date: Wed Sep 02 2009 - 22:07:42 CDT
Florian Weimer wrote:
>> 1. Why is CERT recommending removing anonymous write access? This is
>> something that is pretty rare, I imagine?
>>
>
> I'm sure it's still used for sending in crash dumps and similar stuff.
>
Crash dumps? How? Manually? WER & company do not use FTP, afaik...?
>> Aren't all the boxes "anonymously" vulnerable to this already used
>> as warez servers since they have remote writable access turned on?
>>
>
> Only if read access is enabled, too. And it might even be relatively
> safe again to run an open FTP server. There seems to be little
> systematic probing to find suitable upload locations deeper down the
> directory tree.
>
What's funny is I hear there's some ftp servers with anonymous writable
folders that have some weird cron jobs checking all the files to
enforce any errant files/config/permissions, so some random interval
after you do an upload.exe, the file suddenly is mode 0444!! It's
amazing what some people do thinking it was a good idea.
> _______________________________________________
> Dailydave mailing list
> Dailydave
lists.immunitysec.com
> http://lists.immunitysec.com/mailman/listinfo/dailydave
>
>