[6643] in bugtraq
Re: Serv-U FTP Exploit?
daemon@ATHENA.MIT.EDU (Kevlar)
Fri May 1 14:13:38 1998
Date: Thu, 30 Apr 1998 12:21:37 -0700
Reply-To: Kevlar <kevlar@SMARTLINK.NET>
From: Kevlar <kevlar@SMARTLINK.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <3547AA49.F9E67F04@yankton.com>
One of the orinigal versions had just such an expliot. But that was fixed a
long time ago, when the serv-u program was pretty new. The newest release
is secure as far as I can tell.
At 05:31 PM 4/29/98 -0500, Chris Kline wrote:
>I've heard a few rumors about an exploit found in Serv-U FTP that supposedly
>compromised all security and gave you full access to the servers hard drive,
>including execution permissions. Because of this I've been warned not to use
>it, but no matter how much I search for an exploit, I can't seem to find it.
>So can anyone confirm this exploit and show how it's done and what to do to
>protect against it?
>
>
-Kevlar
<Kevlar@smartlink.net>
My motto: Be good, Or be good at it.
Oh, I'm sorry... Was I not suposed to EXPORT STRONG CRYPTO?
print pack"C*",split/\D+/,`echo
"16iII*o\U@{$/=$z;[(pop,pop,unpack"H*",<>
)]}\EsMsKsN0[lN*1lK[d2%Sa2/d0<X+d*lMLa^*lN%0]dsXx++lMlN/dsM0<J]dsJxp"|
dc`
Beat your algorithms into swords and your virtual machines into spears...
Let the weak say, "I am strong".
