A Bug in the Recently Released BetaFTPD0.0.8pre7 (fwd)
From: Bubonic (ssq
M-NET.ARBORNET.ORG)
Date: Tue Dec 21 1999 - 21:40:22 CST
Betaftpd0.0.8pre7
I had just downloaded this program off of freshmeat to test it.
I decided to change it to go on port 21 (ftpd.h). After doing that
I configured and made the program. Then I ran it on my system
(Linux 2.2.9 RH 6.0) and the following logs tell the rest:
------------------------------ran the program------------------------------
bash-2.03# ./betaftpd --enable-xferlog --enable-fullscren
--enable-upload --enable-shadow &
[1] 4753
BetaFTPD version 0.0.8pre7, Copyright (C) 1999 Steinar H. Gunderson
BetaFTPD comes with ABSOLUTELY NO WARRANTY; for details see the file
COPYING. This is free software, and you are welcome to redistribute it
under certain conditions; again see the file COPYING for details.
BetaFTPD active
bash-2.03#
----------------------------------------------------------------------------
Then I decided to ps -aux to find out how it was running
---------------------------------ps -aux----------------------------------
bash-2.03# ps -aux
root 4753 0.0 1.2 1308 384 pts/6 S 17:27 0:00 ./betaftpd
----------------------------------------------------------------------------
Now this seemed all good and dandy running as root as I wanted it
to be (this is before testing the --enable-nonroot flag).
So I decided to test the stability of the program by ftping to it.
So I did:
----------------------------------ftp log-----------------------------------
bash-2.03# ftp 127.0.0.1
Connected to 127.0.0.1.
220 BetaFTPD 0.0.8pre7 ready.
Name (127.0.0.1:root): bubonic
331 Password required for bubonic.
Password:
530 Login incorrect.
Login failed.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> bye
221 Have a nice day!
bash-2.03#
----------------------------------------------------------------------------
I gave it a wrong password on purpose so I could go eat dinner and not
goof around anymore, but before I went to eat I listed the process
one more time and noticed something a little strange:
------------------------------------ps -aux-------------------------------
bash-2.03# ps -aux
bubonic 4753 0.0 2.1 1360 672 pts/6 S 17:27 0:00 ./betaftpd
----------------------------------------------------------------------------
By not having a successful login with the login bubonic the process
was now under my user bubonic. This could cause a DoS for an intruder
who could kill your FTP service. Indeed a big bug. Since it is now
bubonic's PID then that user is able to kill this PID which could
result in a mess.
-Bubonic
P.S. Sorry for poor English, I wrote this without food. :)
Any questions or comments, please mail me at ssq
m-net.arbornet.org
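
A defender-side check for the symptom reported above, added here as an example (it is not part of the original post or of BetaFTPD): it compares two `ps aux` snapshots and flags any PID whose command is unchanged but whose owner differs. The function names, snapshot files and the header, init and PID 4800 rows are constructed for illustration; the two betaftpd rows are the ones from the post.

```shell
#!/bin/sh
# Added example: flag processes whose owner changed between two `ps aux` snapshots.

# owner_changes BEFORE AFTER -> one line per hit: "PID COMMAND OLD -> NEW"
owner_changes() {
    awk '
        # ps aux columns: USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND...
        $2 !~ /^[0-9]+$/ { next }              # skip header and shell prompt lines
        {
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
        }
        FILENAME == ARGV[1] { owner[$2] = $1; cmdof[$2] = cmd; next }
        # Same PID and same command but a different user: the process changed
        # identity in place. A different command means the PID was reused.
        ($2 in owner) && cmdof[$2] == cmd && owner[$2] != $1 {
            printf "%s %s %s -> %s\n", $2, cmd, owner[$2], $1
        }
    ' "$1" "$2"
}

# Constructed snapshots: the betaftpd rows are the two from the post; the
# header, init and PID 4800 rows are made up to exercise the filters.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/before" <<'EOF'
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  1104   72 ?        S    17:00   0:03 init [3]
root      4753  0.0  1.2  1308  384 pts/6    S    17:27   0:00 ./betaftpd
root      4800  0.0  0.5  1200  300 ?        S    17:28   0:00 crond
EOF
    cat > "$dir/after" <<'EOF'
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1  1104   72 ?        S    17:00   0:03 init [3]
bubonic   4753  0.0  2.1  1360  672 pts/6    S    17:27   0:00 ./betaftpd
bubonic   4800  0.0  0.9  1700  900 pts/7    S    17:40   0:00 -bash
EOF
    owner_changes "$dir/before" "$dir/after"
    rm -rf "$dir"
}

demo
```

A hit on a network daemon that is expected to stay root, such as PID 4753 here, is the condition the post describes; the PID 4800 row shows that ordinary PID reuse is not reported.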
This archive was generated by hypermail 2b27 : Wed Dec 22 1999 - 01:09:15 CST