Re: ftp conversions exploit

From: Lamont Granquist (lamontat_private)
Date: Mon Dec 27 1999 - 11:53:04 PST


    On Wed, 22 Dec 1999, Desi Hacker wrote:
    > during the exploiting process.. the final step as instructed by the author
    > doesn't work
    >
    > ftp> get "--use-compress-program=sh blah".tar
    > or
    > ftp> get "--use-compress-program=sh blah".tar
    >
    > instead it gives a warning of permission denied!
    > in case of anon ftp logging
    
    The author made it fairly clear that this exploit applied to non-anonymous
    accounts, which are more trusted by default than the anonymous FTP
    account.  The exploit should also fail for anonymous users in the next
    step which requires rights to do a SITE CHMOD.
    
    The moral of the exploit seems to be that you shouldn't trust people with
    non-anon FTP access who you wouldn't trust with shell accounts.
    


