[12560] in bugtraq
Re: WU-FTPD
daemon@ATHENA.MIT.EDU (hayward@SLOTHMUD.ORG)
Sat Nov 13 20:39:20 1999
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.04.9911121331190.2951-100000@lotus.slothmud.org>
Date: Fri, 12 Nov 1999 13:39:35 -0600
Reply-To: hayward@SLOTHMUD.ORG
From: hayward@SLOTHMUD.ORG
X-To: Mnemonix <mnemonix@GLOBALNET.CO.UK>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <00e701bf2cd7$aca2bb80$1ee893c3@mnemonix>
Doesn't wu-ftpd use the /home/ftp/etc/passwd file for this information,
after doing a chroot during anonymous ftp?
In which case, this is more of a configuration issue rather than a wu-ftpd
issue? Because it depends on what you put in /home/ftp/etc/passwd.
--
Brian Hayward
http://www.slothmud.org/~hayward/mic_humor.html
On Fri, 12 Nov 1999, Mnemonix wrote:
>There's a feature of the WU-FTP daemon (Version 2.4.2 tested as well as
>earlier versions) (http://www.academ.com/academ/wu-ftpd/) that allows a
>remote user to work out what flavour of UNIX the ftp server is running on.
>When using the cd (CWD) command to a user account's home directory (cd
>~user) the WU-FTPD will reveal the account's physical path if the account
>is a built-in standard account such as root or games or uucp etc. For
>non-standard accounts it claims not to know the user:
>
>ftp> cd ~mail
>550 /var/spool/mail: No such file or directory.
>ftp> cd ~games
>550 /usr/games: No such file or directory.
>ftp> cd ~root
>550 /root: No such file or directory.
>ftp> cd ~guest
>550 Unknown user name after ~
>ftp> cd ~jsmith
>550 Unknown user name after ~
>ftp> cd ~nobody
>550 /dev/null: No such file or directory.
>
>Knowing what accounts exist on what flavour of UN*X allows a remote user to then say with a high degree of certainty that they're dealing with a specific platform.
>
>Cheers,
>David Litchfield
>http://www.infowar.co.uk/mnemonix/
>Cerberus Information Security
>+44(0)181 661 7405
>
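
Added example, not part of either message in this thread: a small audit of the anonymous-FTP chroot's etc/passwd (the /home/ftp/etc/passwd file the reply refers to). It assumes, as the reply's question suggests but does not confirm, that ~user lookups are answered from that file; the allow-list, the issue labels and the sample entries are constructed for illustration.

```python
"""Audit an anonymous-FTP chroot etc/passwd (added example, not from the thread).

Assumption, taken from the reply's question and not verified here: the
daemon answers ~user lookups from this file, so every home field in it
can be disclosed to a remote client.
"""
import sys

ALLOWED = {"root", "ftp"}                # hypothetical minimal allow-list
LOCKED = {"*", "x", "!", "!!", "*LK*"}   # placeholders that are not hashes

# Constructed sample input, not taken from any real system.
SAMPLE = """\
root:*:0:0::/:
ftp:*:14:50::/:
games:*:12:100:games:/usr/games:
jsmith:ab0CONSTRUCTEDhash:500:500:J Smith:/home/jsmith:/bin/bash
not-a-passwd-line
"""

def audit_passwd(text, allowed=ALLOWED):
    """Return (line_no, account, issue) tuples for risky entries."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "?", "malformed"))
            continue
        name, pw, _uid, _gid, _gecos, home, _shell = fields
        if pw not in LOCKED:             # a real hash or an empty field
            findings.append((n, name, "password-field"))
        if name not in allowed:          # account the chroot does not need
            findings.append((n, name, "extra-account"))
        if home not in ("", "/"):        # path that ~name would reveal
            findings.append((n, name, "home-path:" + home))
    return findings

if __name__ == "__main__":
    # Usage: python this_script.py /home/ftp/etc/passwd  (no argument: SAMPLE)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for n, name, issue in audit_passwd(text):
        print(f"line {n}: {name}: {issue}")
```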