[935] in bugtraq
Possible backdoor in ftpd?
daemon@ATHENA.MIT.EDU (James Seng)
Tue Feb 7 22:52:16 1995
Date: Wed, 8 Feb 1995 11:03:30 +0800 (SST)
From: James Seng <jseng@darwin.technet.sg>
To: bugtraq@fc.net
I have recieve this log from my xferlog from my ftpsite.
Mon Feb 6 22:59:03 1995 1 merlion.singnet.com.sg 9 /incoming/cr b _ i a
brains@ ftp 0 *
Mon Feb 6 22:59:59 1995 1 merlion.singnet.com.sg 9 /incoming/cr b _ i a
brains@ ftp 0 *
What he basically does is that he has uploaded a file called 'cr' (9
bytes) in binary mode into my ftp.technet.sg:/incoming directory. It is
nothing of interested except that the file he uploaded (cr) contain
chroot /
I suspect it has do to with the backdoor in the trojan wu-ftpd which
happen to be distributed with bsdi (yea..mine is a bsdi but with a
patched ftpd). Anyone has more information on this?
-James Seng
