|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Nickolay A. Kritsky (nkritsky
internethelp.ru)Date: Tue Jul 03 2001 - 11:01:03 CDT
This could be somebody willing to exploit last glob vulnerability in ftpd (SA-01:33) - it exploited very long directory names
started with '~' (the same as $HOME in bash). In order for exploit to work attacker must have an ftp account with /etc/pwd.db
reacheable . In 3 days after exploit was released, i found 5 such messages in /var/log/messages. Read the advisory, and see if you
are vulnerable!
NKritsky - SysAdmin InternetHelp.Ru
http://www.internethelp.ru
e-mail: nkritskyinternethelp.ru
-----Original Message-----
From: Matthew D. Fuller <fullermdfuturesouth.com>
To: Peter Pentchev <roamorbitel.bg>
Cc: Magdalinin Kirill <bsdforumenhotmail.com>; freebsd-securityFreeBSD.ORG <freebsd-securityFreeBSD.ORG>
Date: 3 èþëÿ 2001 ã. 19:47
Subject: Re: weird messages
<skip>
>
>To expand:
>It's most likely NOT someone trying to fetch it, it's ftpd trying to find
>it. Think uid -> username mappings in 'ls'.
>
>
>
>--
>Matthew Fuller (MF4839) | fullermdover-yonder.net
>Unix Systems Administrator | fullermdfuturesouth.com
>Specializing in FreeBSD | http://www.over-yonder.net/
>
>"The only reason I'm burning my candle at both ends, is because I
> haven't figured out how to light the middle yet"
>
>To Unsubscribe: send mail to majordomoFreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]