[459] in RedHat Linux List
Re: problem I reported with anonftp
daemon@ATHENA.MIT.EDU (Chris Powell)
Tue Oct 22 18:16:08 1996
To: redhat-list@redhat.com
In-reply-to: slk's message of Tue, 22 Oct 1996 13:22:59 -0400.
<Pine.LNX.3.95.961022131934.5676A-100000@karpes.stu.rpi.edu>
Date: Tue, 22 Oct 1996 18:12:07 -0400
From: Chris Powell <helios@brickandivy.com>
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
> Basically, the exploit is that a .forward can be placed in the world
> writable ~ftp, with the .forward mailing the passwd file to the person who
> setup the exploit. It's even mentioned in at least one CERT advisory (I
> found the problem by running SATAN on my system; that's the only hole it
You actually got SATAN to run!? Bah! I messed with it for an age before
giving up on that avenue. ;p
Regards,
Chris
--
Christopher Powell Brick and Ivy Corporate Consulting, Inc.
powell@brickandivy.com http://www.brickandivy.com
-= A PGP key is available and gladly shared =-
-= Please note my new email address =-
--
PLEASE read the Red Hat FAQ, Tips, HOWTO and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-HOWTO
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
