[1227] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Alinux-securityA Attempt to break through ftp

daemon@ATHENA.MIT.EDU (Andrew Tridgell)
Thu Oct 17 02:34:24 1996

From: Andrew Tridgell <tridge@arvidsjaur.anu.edu.au>
To: fnevgeny@plasma-gate.weizmann.ac.il
CC: linux-security@tarsier.cv.nrao.edu
In-reply-to: <199610160110.DAA09910@plasma.weizmann.ac.il> (message from
	Evgeny Stambulchik on Wed, 16 Oct 1996 03:10:47 +0200 (GMT+0200))
Reply-to: Andrew.Tridgell@anu.edu.au
Date: 	Wed, 16 Oct 1996 19:54:05 +1000

Evgeny wrote:
> # strings ~ftp/incoming/lininfo.zip
> 
> [skipped not interesting stuff]
> 
> root-access
> Welcome to the wonderful world of uid = 0
>                                   squidge

This comes from the "telnetd_exploit.tar.gz" package written by
squidge@onyx.infonexus.com (or at least thats the address in the
readme that comes with the package).

It exploits the LD_PRELOAD environment variable to attack
telnetd. This is a well known security hole that has been discussed
quite a lot here and other places. 

I used this package to demonstrate to the students the dangers of a
writeable anonymous ftp directory. The student machines we use are
quite old and are all vulnerable to this bug :-)

Cheers, Andrew

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Andrew Tridgell                            Dept. of Computer Science
email: Andrew.Tridgell@anu.edu.au          Australian National University 
Phone: +61 6 254 8209                      Fax: +61 6 249 0010
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

home help back first fref pref prev next nref lref last post