[1017] in linux-security and linux-alert archive
Re: [linux-security] qmail,wu.ftpd,deslogind, in.telnetsnoopd ?
daemon@ATHENA.MIT.EDU (Jonathan Larmour)
Mon Aug 19 19:20:05 1996
Date: Sun, 18 Aug 1996 19:05:36 +0100
To: Frank Parato <fparato@gti.net>, linux-security@tarsier.cv.nrao.edu
From: Jonathan Larmour <JLarmour@origin-at.co.uk>
At 10:39 13/08/96 -0400, Frank Parato wrote:
>
>Hello, I'm very new to this mailing list, so forgive me if I ask
>questions about things that have already been discussed. However my
>system was recently invaded by a complete outsider. The daemons above are
>the only ones that are running on my machine. Does anyone know of any
>security holes that give the exploiter root on any of the above daemons ?

Surely you must be running syslogd? There are many known problems with
syslogd to do with buffer overruns, and in particular if your syslogd
listens on the syslogd UDP port, then that could easily be the trouble.

Also for telnetsnoopd, are you aware of the environment variables problem
where LD_LIBRARY_PATH (and others) were exported to /bin/login by in.telnetd
(and presumably similarly in.telnetsnoopd)? I think there's a CERT advisory
for that one.

If your ftpd allows uploads anywhere, then that's probably the
most likely attack as this was known to be exploited. See the CA.

>qmail has the basic setup, I did not hear of any security holes in qmail
>so all that was changed were local configurations
>
>wu.ftpd does allow anonymous connections, it has its own bin directory,
>(not /usr/bin), and the site exec option seems that it is non-functional.
[snip]
For the above two, if you haven't already, you could look at their "home"
sites, and look at the Change log/Release notes of the latest version and
see if there have been security fixes since the versions you have.
Jonathan L.
Origin UK, 323 Cambridge Science Park, Cambridge, England. CB4 4WG.
Tel: +44 (1223) 423355 Fax: +44 (1223) 420724 E-mail: guess...
-------[ Do not think that every sad-eyed woman has loved and lost... ]------
-----------------------[ she may have got him. -Anon ]-----------------------
These opinions are all my own fault.
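
The environment-variable problem mentioned in the message above comes from a network daemon handing client-supplied variables such as LD_LIBRARY_PATH to /bin/login. The following is an added example, not part of the original message and not code from any telnetd: it shows an allowlist filter a daemon could apply to the environment before executing login. The function names, the allowlist contents and the sample environment are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed allowlist: the only client-supplied variables passed on to login.
 * Each prefix ends in '=' so that "TERM=" does not also admit "TERMINFO=". */
static const char *const allowed[] = { "TERM=", "DISPLAY=", "LANG=", "TZ=", NULL };

/* Return 1 if entry ("NAME=value") begins with an allowlisted name. */
static int env_allowed(const char *entry)
{
    for (size_t i = 0; allowed[i] != NULL; i++)
        if (strncmp(entry, allowed[i], strlen(allowed[i])) == 0)
            return 1;
    return 0;
}

/* Compact a NULL-terminated envp array in place, keeping only allowlisted
 * entries. Everything else, including LD_* loader variables, is dropped.
 * Returns the number of entries kept. */
size_t scrub_env(char **envp)
{
    size_t kept = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        if (env_allowed(envp[i]))
            envp[kept++] = envp[i];
    envp[kept] = NULL;
    return kept;
}

int main(void)
{
    /* Constructed sample of what a remote client might ask the daemon to set. */
    char *env[] = {
        "TERM=vt100", "LD_LIBRARY_PATH=/tmp", "LD_PRELOAD=/tmp/x.so",
        "DISPLAY=host:0", "TERMINFO=/tmp", NULL
    };
    size_t n = scrub_env(env);
    for (size_t i = 0; i < n; i++)
        puts(env[i]);           /* the environment login would receive */
    return 0;
}
```

An allowlist is used rather than a list of known-bad names because the set of variables honoured by the dynamic loader and C library differs between systems and versions.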