ARCHIVE: 'Phage List' - Archives (1988 - 1989)
DOCUMENT: phage #352 [FTP holes in the head..] (1 message, 1291 bytes)
NOTICE: securitydigest.org recognises the rights of all third-party works.
START OF DOCUMENT
From: Eric S. Johnson <[email protected]>
Date: Wed 19:28:49 07/12/1988 EST
Subject: FTP holes in the head..
The recent NIC scare (and MILnet gateway shutdown, so I understand) were caused by the recently (slightly before The Worm) discovered security bugs in the FTP daemon. I'll give a description of what these bugs can do, but I don't feel like telling ya how to exploit them. (I've yet to convince all the other Admins on campus here to upgrade to the NEW Berkeley ftpd, though I personally ported it to all the arch. on campus.. :-( thus again proving the biggest security hole is administration.)

1. The anonymous FTP bug. Most stock 4.2 and 4.3 derived systems have this bug. I've seen it on BSD 4.3, Gould's UTX 2.0U6, Sun's (3.X and 4.0), PC/RT's running BSD 4.3, and Pyramid's. It allows anyone to gain root FTP access on any system which has anonymous FTP. Thankfully, most (if not all) of the systems I anonymous ftp to have fixed this bug. This bug (and the fix) was posted to comp.bugs.4bsd.ucb-fixes right before The Worm hit.

2. The SunOS 3.X FTP bug. Systems which have ftpd's derived from 4.2 BSD are vulnerable. This includes SunOS 3.2, 3.4 and 3.5. It may include other systems of 4.2 derivation. This bug will allow any user who could normally get access via FTP (with their regular login/password) to get root access via FTP. This bug is slightly less well known but a bit less dangerous, since you have to have a valid login to exploit it. I don't think anonymous ftp is vulnerable, but I won't swear to it.

The cure for both of these bugs is to get the new ftpd from ucbvax.berkeley.edu (among other places) and port it to your machine. This port is pretty simple, and I can provide email help if you need it. Until you replace your ftpd with the new one, DO NOT run any sort of anonymous FTP. If you have a 4.2 derived system, you may want to disable incoming FTP completely.

These bugs DO NOT seem to affect TWG/TCP or CMU/TCP-IP on VMS systems. (but again, I won't swear to it...)

I plan to send off details of these bugs to Andrew Burt's security mailing list after I make it through the end-of-semester madness, but I imagine someone already has..

Ej
END OF DOCUMENT
|ISSN 1742-948X 01 (Online) | 2005/03/01 | Copyright 2002-2008 securitydigest.org. All rights reserved.|