[2882] in Kerberos-V5-bugs


pending/553: krb5 ftpd

daemon@ATHENA.MIT.EDU (Wolfgang Rupprecht)
Tue Feb 24 17:58:07 1998

Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: gnats-admin@rt-11.MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, Wolfgang Rupprecht <wolfgang@wsrcc.com>
Date: Tue, 24 Feb 1998 14:57:38 -0800 (PST)
From: Wolfgang Rupprecht <wolfgang@wsrcc.com>
To: krb5-bugs@MIT.EDU


>Number:         553
>Category:       pending
>Synopsis:       krb5 ftpd
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Tue Feb 24 17:58:01 EST 1998
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Krb5 ftpd had two significant bugs that interact badly.

1) anon-ftp can create directories in ~/incoming.  These directories 
   are normal read/write directories that can be used as drop boxes
   for anonymous third parties.

2) the syslog-ing of anonymous ftp commands doesn't work.
   This allows the above folks to mostly evade detection.

-wolfgang
-- 
Wolfgang Rupprecht    <wolfgang@wsrcc.com>     http://www.wsrcc.com/wolfgang/
	  Never trust a program you don't have sources for.
