[324] in RedHat Linux List

possibly serious security hole in colgate -- anonftp

daemon@ATHENA.MIT.EDU (Simon Karpen)
Mon Oct 21 23:55:30 1996

Date: Mon, 21 Oct 1996 23:54:02 -0400 (EDT)
From: Simon Karpen <slk@karpes.stu.rpi.edu>
To: redhat-list@redhat.com
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

On a clean install of RedHat 4.0 (I had 3.0.3, but chose to mkfs the
partition anyway, as I prefer a clean install), there is a serious security
hole in anonftp that I have managed to exploit on my own machine.

The directory /home/ftp is writable by the user ftp, which allows a user
at any site to obtain a copy of any world readable file on the machine,
including /etc/passwd (only significant if you are not using shadow),
among others. 

The shared libraries in ~ftp/lib are also writable by the user ftp. This
allows for serious security problems, as these shared libraries could be
overwritten with "interesting" stuff.

It is also questionable whether the files in this directory should even be
owned by root.root or ftp.ftp.

Redhat Crew, this is a great product, however, this particular hole needs
to be fixed. 

Simon Karpen
karpes@rpi.edu, slk@karpes.stu.rpi.edu
Computer and Systems Engineering at RPI
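
An audit for the condition reported above, added here as an example and not
part of the original post or of Red Hat's packaging: it lists everything under
an anonymous-FTP root that the FTP account owns or that is group- or
world-writable. The function name and the finding labels are assumptions of
this example; /home/ftp and the user ftp are taken from the post.

```sh
#!/bin/sh
# Added example: audit an anonymous-FTP tree for writable or ftp-owned entries.
# Usage (as root, on the server):  audit_ftp_tree /home/ftp ftp
# Prints one finding per line. Returns 0 if clean, 1 if findings, 2 on bad input.
audit_ftp_tree() {
    root=$1
    user=$2   # login name or numeric uid of the anonymous FTP account

    [ -d "$root" ] || { echo "ERROR not a directory: $root" >&2; return 2; }

    # 1. Anything the FTP account owns it can chmod and then rewrite, whatever
    #    the current mode bits say. This covers the root directory itself and
    #    the shared libraries under lib/.
    owned=$(find "$root" -user "$user" -print |
            sed 's/^/OWNED_BY_FTP_USER /')

    # 2. Group- or world-writable entries. Symlinks are skipped because their
    #    own mode bits carry no meaning.
    loose=$(find "$root" ! -type l \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/GROUP_OR_WORLD_WRITABLE /')

    # Merge both lists and drop the empty lines left by an empty result.
    findings=$(printf '%s\n%s\n' "$owned" "$loose" | sed '/^$/d')

    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

A clean tree produces no output; any line printed names a path whose owner or
mode should be corrected before the anonymous FTP service is exposed.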