[10457] in bugtraq


Re: wuftp2.4.2academ beta 12-18 exploit

daemon@ATHENA.MIT.EDU (laq@SWIPNET.SE)
Thu May 6 16:13:12 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.02.9905051456280.2095-100000@Liquid.laqqah.net>
Date: 	Wed, 5 May 1999 15:00:32 +0200
Reply-To: laq@SWIPNET.SE
From: laq@SWIPNET.SE
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.GSO.4.10.9905032005460.2394-100000@ruby.ils.unc.edu>

> Workaround:
>
> wu-ftpd and variants that use files /etc/ftp* for configuration
> can easily help protect you against the many recent variants that
> exploit buffer overflows with MKDIR.  All the varieties I've
> seen require creating a directory or file - that's where the
> overflow happens.
>
> In /etc/ftpaccess, you have the option to specify what commands
> may and may not be run by particular users.  Just add lines to
> specify that user anonymous (or whatever others you want) cannot
> put, delete, mkdir, etc.
>
> E.g., lines like these:
>
> chmod           no              anonymous
> delete          no              anonymous
> overwrite       no              anonymous
> rename          no              anonymous
> mkdir           no              anonymous
> upload          no              anonymous

If you still want to let anonymous users create directories,
take a look at the path-filter option for that very same file.

# path-filter...
path-filter  anonymous  /etc/pathmsg  ^[-A-Za-z0-9_\.]*$  ^\.  ^-

When I tried the exploit on myself I got a lot of "Permission denied (pathname)",
so at least it seems to work.
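
A model of how the path-filter line above classifies names, as an added example that is not part of the original message and not wu-ftpd's own code. It assumes the documented ftpaccess semantics (a name must match the allowed expression and none of the disallowed ones) and uses Python's `re` in place of the daemon's regex library; the function names and sample names are constructed.

```python
import re

# The path-filter line from the message above.
RULE_LINE = rb"path-filter  anonymous  /etc/pathmsg  ^[-A-Za-z0-9_\.]*$  ^\.  ^-"

def compile_pattern(pattern):
    # Assumption: Python's re stands in for the daemon's POSIX regex.
    # POSIX '$' matches only at end of string, while Python's '$' also
    # matches before a trailing newline, so a final '$' becomes '\Z'.
    # (In a POSIX bracket expression '\' is literal; Python reads '\.'
    # as an escaped dot. Names with backslashes are not modelled here.)
    if pattern.endswith(b"$") and not pattern.endswith(rb"\$"):
        pattern = pattern[:-1] + rb"\Z"
    return re.compile(pattern)

def parse_path_filter(line):
    """Split a path-filter line: typelist, message file, allowed, disallowed..."""
    fields = line.split()
    if len(fields) < 4 or fields[0] != b"path-filter":
        raise ValueError("not a path-filter line")
    return {
        "typelist": fields[1].split(b","),
        "mesg": fields[2],
        "allowed": compile_pattern(fields[3]),
        "disallowed": [compile_pattern(p) for p in fields[4:]],
    }

def name_permitted(rule, name):
    """True if name matches the allowed regex and no disallowed regex."""
    if not rule["allowed"].search(name):
        return False
    return not any(p.search(name) for p in rule["disallowed"])

RULE = parse_path_filter(RULE_LINE)

# Constructed sample names (bytes, since FTP arguments are raw octets).
SAMPLES = [
    b"incoming", b"upload_1999.tar.gz",    # plain names
    b".hidden", b"-rf",                    # leading dot / leading dash
    b"dir with space", b"a/b", b"ok\n",    # characters outside the set
    b"\x90\x90\x90\x90",                   # non-printable octets
    b"A" * 300,                            # long, but only allowed characters
]

if __name__ == "__main__":
    for name in SAMPLES:
        print("permit" if name_permitted(RULE, name) else "deny  ", repr(name[:24]))
```

The last sample is permitted: the expression constrains which characters a name may contain, not how long it is.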
