Subject: Re: [suse-security] strange ftp-scan
From: Kurt Seifried (listuserseifried.org)
Date: Sat Oct 07 2000 - 07:37:27 CDT


> Well, if I remember well, there was also a security advisory recently about
> proftpd and how remote users could gain root privileges. I think so far
> the only one that hasn't had any has been the one from OpenBSD; it comes
> with SuSE. Try it out.

ProFTPD 1.2.0pre9 and pre10 had root hacks; rc1 has a DoS (not so bad, but
annoying, and blockable with DenyFilter "%" if I remember right); rc2 is
OK. OpenBSD's ftpd had a root hack due to a format string attack:
===========
http://www.openbsd.org/errata.html
019: SECURITY FIX: July 5, 2000
Just like pretty much all the other unix ftp daemons on the planet, ftpd had
a remote root hole in it. Luckily, ftpd was not enabled by default. The
problem exists if anonymous ftp is enabled.
===========

Basically all ftp daemons had a root hack due to the format string problem.
WuFTPD also has a TERRIBLE code base (like BIND, for example); ProFTPD is a
LOT cleaner and has a far easier and more powerful config. For example,
within my Anonymous directive:

<Directory /home/ftp/uploads>
        # An existing file can never be replaced by a new upload.
        AllowOverwrite off
        # WRITE commands (STOR, DELE, MKD, ...) are open to every client.
        <Limit WRITE>
                AllowAll
        </Limit>
        # READ (RETR) is checked against the Allow list first; anything
        # not matched there falls through to the Deny.
        <Limit READ>
                Order Allow,Deny
                Allow from 1.2.3.4 5.6.7.8
                Deny from all
        </Limit>
</Directory>

This is cool because I can ftp in from 1.2.3.4 or 5.6.7.8 to my uploads
directory and download things/delete them from the uploads dir. I can choose
which user the files will be owned by once uploaded (root, ftp, seifried,
whatever). All sorts of cool stuff. You do not need to worry about the
actual directory perms at all with ProFTPD; setting up an upload dir is
trivial compared to, say, wuftpd.

-Kurt
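The drop-box setup described in the post, written out as a complete ProFTPD <Anonymous> block. This is an added example, not Kurt's own config and not taken from the ProFTPD documentation: the paths (/home/ftp, /home/ftp/uploads), the account and group names, the two client addresses (Kurt's placeholders 1.2.3.4 and 5.6.7.8), the MaxClients value and the extra DIRS/DELE restriction are assumptions chosen to illustrate the pattern. It goes slightly beyond the snippet above by making the whole anonymous tree read-only first, opening only STOR in the upload directory, and keeping anonymous users from listing, reading back or removing what others dropped, with UserOwner/GroupOwner doing the ownership assignment the post mentions and DenyFilter "%" applying the workaround for the rc1 DoS.

```apache
# Added example, not from the original post. Paths, accounts, addresses
# and limits are placeholders; adjust them to the host.
<Anonymous /home/ftp>
    User                 ftp
    Group                ftp
    # Accept "anonymous" as an alias for the ftp account.
    UserAlias            anonymous ftp
    RequireValidShell    off
    MaxClients           10

    # Refuse any command argument containing '%' (the rc1 DoS workaround
    # from the post). DenyFilter takes a regular expression.
    DenyFilter           "%"

    # Default for the whole anonymous tree: nothing may be written.
    <Limit WRITE>
        DenyAll
    </Limit>

    # Drop box: anyone may upload, only two hosts may list, fetch or delete.
    # The more specific <Directory> limits override the outer WRITE deny
    # for commands named here; everything else stays denied.
    <Directory /home/ftp/uploads>
        # Uploaded files are owned by a real account (assumed name), not ftp.
        UserOwner        seifried
        GroupOwner       users
        # New files get mode 0600, new directories 0750.
        Umask            077 027
        AllowOverwrite   off

        # Only the upload command itself is reopened for everyone.
        <Limit STOR>
            AllowAll
        </Limit>

        # Listing (DIRS), downloading (READ) and removing (DELE) are
        # restricted to the two administrative hosts.
        <Limit READ DIRS DELE>
            Order            allow,deny
            Allow from       1.2.3.4 5.6.7.8
            Deny from        all
        </Limit>
    </Directory>
</Anonymous>
```

Ordering matters here: the WRITE deny at the <Anonymous> level is the safe default, and the <Directory> block punches exactly one hole (STOR) into it. Leaving DIRS open, as the snippet in the post does, lets any anonymous client enumerate and fetch whatever others uploaded once they know the file names, which is how an open upload directory turns into a public file drop.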
