[412] in RedHat Linux List


Re: problem I reported with anonftp

daemon@ATHENA.MIT.EDU (Simon Karpen)
Tue Oct 22 13:24:16 1996

Date: Tue, 22 Oct 1996 13:22:59 -0400 (EDT)
From: Simon Karpen <slk@karpes.stu.rpi.edu>
To: redhat-list@redhat.com
In-Reply-To: <199610221354.JAA18686@redhat.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

Basically, the exploit is that a .forward can be placed in the
world-writable ~ftp, with the .forward mailing the passwd file to the person who
set up the exploit. It's even mentioned in at least one CERT advisory (I
found the problem by running SATAN on my system; that's the only hole it
found on a basically default RedHat 4.0 install). However, erasing and
reinstalling anonftp from the rpm corrected the problem. It appears that
there is something going wrong during the install (installed off of hard
disk partition, clean install, all IDE disks).

Simon Karpen
karpes@rpi.edu, slk@karpes.stu.rpi.edu
Computer and Systems Engineering at RPI
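
A check for the condition described in the message above, as an added example that is not part of the original post or of the anonftp package. The function name audit_ftp_home, the account name argument and the /home/ftp path in the usage comment are assumptions; the ownership test is an extra hardening check beyond what the message reports.

```shell
#!/bin/sh
# Audit an anonymous-FTP home directory for a world-writable ~ftp and for
# mail/r-command control files that should never be present there.
# Usage (path is an example, adjust to the ftp account's home):
#   audit_ftp_home /home/ftp ftp

audit_ftp_home() {
    dir=$1
    acct=${2:-ftp}      # account whose ownership of ~ftp is flagged
    findings=0

    if [ ! -d "$dir" ]; then
        echo "SKIP: $dir is not a directory" >&2
        return 2
    fi

    # World-writable directory: any user can create files such as .forward in it.
    if [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ]; then
        echo "FAIL: $dir is world-writable"
        findings=$((findings + 1))
    fi

    # If the ftp account owns its own home, it can re-open the permissions.
    owner=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$owner" = "$acct" ]; then
        echo "FAIL: $dir is owned by $acct"
        findings=$((findings + 1))
    fi

    # Control files that change how mail or remote logins for the account behave.
    for f in .forward .rhosts; do
        if [ -e "$dir/$f" ] || [ -L "$dir/$f" ]; then
            echo "FAIL: $dir/$f exists"
            findings=$((findings + 1))
        fi
    done

    [ "$findings" -eq 0 ] && echo "OK: $dir"
    [ "$findings" -eq 0 ]
}
```

The function returns 0 when nothing is flagged, 1 when any check fails and 2 when the directory is missing, so it can be run after each install or package upgrade.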
