[81] in Security FYI


new remote-root ftpd vulnerabilities due to glob()

daemon@ATHENA.MIT.EDU (Roger Dingledine)
Tue Apr 10 00:17:47 2001

Date: Tue, 10 Apr 2001 00:17:30 -0400
From: Roger Dingledine <arma@MIT.EDU>
To: security-fyi@mit.edu
Message-ID: <20010410001730.Y3876@belegost.mit.edu>

See http://www.pgp.com/research/covert/advisories/048.asp

It references http://www.cert.org/advisories/CA-2001-07.html which doesn't
exist yet. In general, the problem apparently allows remote-root access
via an ftpd in many common configurations, on most common operating
systems (Sun, HP, SGI, NetBSD, FreeBSD) except for Linux.

--Roger


