Well Omer, you judge yourself. I bet it's new.

Moran Zavdi
[EMAIL PROTECTED]

-----Original Message-----
From: suid <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Monday, 20 December 1999 21:52
Subject: Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)

>The following paper is available in full from my website. I have chosen
>not to post the entire thing here as it is quite long.
>
>http://www.suid.edu/advisories/001.txt
>
>[EMAIL PROTECTED] - the dangers of ftp conversions on misconfigured systems/ftpd (specifically wu-ftpd)
>
>Summary:
>
> There exists a vulnerability with certain configurations of certain ftp daemons with which users with a valid
> ftp only account on a system may execute arbitrary commands (including binaries supplied by themselves). There
> also exists the possibility that anonymous ftp users may execute arbitrary commands (also including binaries
> supplied by themselves).
>
> While this vulnerability is entirely configuration dependent, the required configuration is rather common. The
> requirements can be found in the example exploit section. Usually such misconfigurations are made only by the
> security-handicapped, and the documentation-illiterate. There are voluminous amounts of documentation around which
> warn against this kind of configuration; however, it does not touch
> on this exact problem. Nor does that seem to prevent people from doing
> this time after time.
>
>
>Regards,
>[EMAIL PROTECTED]