[1259] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Possible compromise?

daemon@ATHENA.MIT.EDU (Daniel Pewzner)
Thu Oct 24 19:58:47 1996

Date: Tue, 22 Oct 1996 22:54:13 -0700 (PDT)
From: Daniel Pewzner <vegi@eskimo.com>
To: linux-security@tarsier.cv.nrao.edu

I've noticed a couple of strange things on my system.  First, I believe
someone has apparently found some flaw in the wu-ftpd-2.4.2-BETA-10 that
I have yet to read about.

The /home/ftp directory was chown'd to ftp.bin, and I found a couple libs 
uploaded. My logs show:

Sat Oct 19 21:19:24 1996 27 linux.netlink.net 634880 /libc.so.4 b _ i a a@
ftp 0 *
Sat Oct 19 21:20:02 1996 31 linux.netlink.net 555179 /libc.so.5 b _ i a a@
ftp 0 *

I fixed telnetd long ago, and /home/ftp/bin/ls is a static bin.
I don't seem to see further access from this site beyond what look l like
a couple or port scans on the same day.

Does anyone know of a problem with wu-ftp, other than the core dump?

home help back first fref pref prev next nref lref last post