[1227] in linux-security and linux-alert archive
[linux-security] Re: Alinux-securityA Attempt to break through ftp
daemon@ATHENA.MIT.EDU (Andrew Tridgell)
Thu Oct 17 02:34:24 1996
From: Andrew Tridgell <tridge@arvidsjaur.anu.edu.au>
To: fnevgeny@plasma-gate.weizmann.ac.il
CC: linux-security@tarsier.cv.nrao.edu
In-reply-to: <199610160110.DAA09910@plasma.weizmann.ac.il> (message from
Evgeny Stambulchik on Wed, 16 Oct 1996 03:10:47 +0200 (GMT+0200))
Reply-to: Andrew.Tridgell@anu.edu.au
Date: Wed, 16 Oct 1996 19:54:05 +1000
Evgeny wrote:
> # strings ~ftp/incoming/lininfo.zip
>
> [skipped not interesting stuff]
>
> root-access
> Welcome to the wonderful world of uid = 0
> squidge
This comes from the "telnetd_exploit.tar.gz" package written by
squidge@onyx.infonexus.com (or at least thats the address in the
readme that comes with the package).
It exploits the LD_PRELOAD environment variable to attack
telnetd. This is a well known security hole that has been discussed
quite a lot here and other places.
I used this package to demonstrate to the students the dangers of a
writeable anonymous ftp directory. The student machines we use are
quite old and are all vulnerable to this bug :-)
Cheers, Andrew
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Andrew Tridgell Dept. of Computer Science
email: Andrew.Tridgell@anu.edu.au Australian National University
Phone: +61 6 254 8209 Fax: +61 6 249 0010
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-