[12555] in bugtraq
WU-FTPD
daemon@ATHENA.MIT.EDU (Mnemonix)
Fri Nov 12 14:56:26 1999
Mime-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00E4_01BF2CD7.AB63D2E0"
Message-Id: <00e701bf2cd7$aca2bb80$1ee893c3@mnemonix>
Date: Fri, 12 Nov 1999 06:32:19 -0000
Reply-To: Mnemonix <mnemonix@GLOBALNET.CO.UK>
From: Mnemonix <mnemonix@GLOBALNET.CO.UK>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
------=_NextPart_000_00E4_01BF2CD7.AB63D2E0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
There's feature of the WU-FTP daemon (Version 2.4.2 tested as well as =
earlier versions) (http://www.academ.com/academ/wu-ftpd/) that allows a =
remote user to workout what flavour of UNIX the ftp server is running =
on. When using the cd (CWD) command to a user accounts home directory =
(cd ~user) the WU-FTPD will reveal the accounts physical path if the =
account is a built in standard account such as root or games or uucp =
etc. For non-standard accounts it calims not to know the user:
ftp> cd ~mail
550 /var/spool/mail: No such file or directory.
ftp> cd ~games
550 /usr/games: No such file or directory.
ftp> cd ~root
550 /root: No such file or directory.
ftp> cd ~guest
550 Unknown user name after ~
ftp> cd ~jsmith
550 Unknown user name after ~
ftp> cd ~nobody
550 /dev/null: No such file or directory.
Knowing what accounts exist on what flavour of UN*X allows a remote user =
to can then say with a high degree of certainty that they're dealing =
with a specific platform.
Cheers,
David Litchfield
http://www.infowar.co.uk/mnemonix/
Cerberus Information Security
+44(0)181 661 7405
------=_NextPart_000_00E4_01BF2CD7.AB63D2E0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>There's feature of the WU-FTP =
daemon (Version=20
2.4.2 tested as well as earlier versions) (</FONT><FONT face=3DArial =
size=3D2><A=20
href=3D"http://www.academ.com/academ/wu-ftpd/">http://www.academ.com/acad=
em/wu-ftpd/</A>)=20
that allows a remote user to workout what flavour of UNIX the ftp server =
is=20
running on. When using the cd (CWD) command to a user accounts home =
directory=20
(cd ~user) the WU-FTPD will reveal the accounts physical path if the =
account is=20
a built in standard account such as root or games or uucp etc. For =
non-standard=20
accounts it calims not to know the user:</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>ftp> cd ~mail<BR>550 =
/var/spool/mail: No such=20
file or directory.<BR>ftp> cd ~games<BR>550 /usr/games: No such file =
or=20
directory.<BR>ftp> cd ~root<BR>550 /root: No such file or=20
directory.<BR>ftp> cd ~guest<BR>550 Unknown user name after =
~<BR>ftp> cd=20
~jsmith<BR>550 Unknown user name after ~<BR>ftp> cd ~nobody<BR>550 =
/dev/null:=20
No such file or directory.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Knowing what accounts exist on what =
flavour of UN*X=20
allows a remote user to can then say with a high degree of certainty =
that=20
they're dealing with a specific platform.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Cheers,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>David Litchfield</FONT></DIV>
<DIV><FONT face=3DArial size=3D2><A=20
href=3D"http://www.infowar.co.uk/mnemonix/">http://www.infowar.co.uk/mnem=
onix/</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2>Cerberus Information =
Security</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>+44(0)181 661 7405</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2><BR> </DIV></FONT></BODY></HTML>
------=_NextPart_000_00E4_01BF2CD7.AB63D2E0--
