[4794] in bugtraq
Re: WU-ftpd Upload Ownership/Permissions Bug
daemon@ATHENA.MIT.EDU (Michael Brennen)
Wed Jun 25 20:50:43 1997
Date: Wed, 25 Jun 1997 10:36:10 -0500
Reply-To: Michael Brennen <mbrennen@fni.com>
From: Michael Brennen <mbrennen@FNI.COM>
X-To: Juan Valdez <andrewr@alpha1.excell.net>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <33B08CDE.21B3@mailserver.excell.net>
Please reread my post. I did find a hole, it just was not as prevalent as
I thought (perhaps more insidious because of that). It might not be the
normal case, but it is possible without the fix to configure the wu-ftpd
daemon in such a way that one's security configuration is ignored.
-- Michael
On Tue, 24 Jun 1997, Juan Valdez wrote:
> After reading the original WU-ftpd post by Michael Brennen, then reading
> this one, I thank him greatly for making sure that we all were informed
> about this error on his behalf. While I dont make advisory posts here,
> I do feel we all could learn from this. To take a look at what we have
> noted as a hole, and then recheck it to make sure there are no mistakes.
