misc/72508: Anyone can change root on anonymous ftp
winnehr
root at monolit-r.ru
Mon Oct 11 04:30:21 PDT 2004
>Number: 72508
>Category: misc
>Synopsis: Anyone can change root on anonymous ftp
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Oct 11 11:30:20 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: winnehr
>Release: FreeBSD 5.1-RELEASE
>Organization:
JSoft
>Environment:
FreeBSD server 5.1-RELEASE FreeBSD 5.1-RELEASE #1: Sat Sep 11 00:43:46 VLAST 2004 winnehr at server:/usr/src/sys/i386/compile/new i386
>Description:
Anyone can change root on anonymous ftp
>How-To-Repeat:
* log on anonymously to ftp (standard /usr/libexec/ftpd -l in /etc/inetd.conf)
* upload any dir to it and enter it (for example, one with program setup files)
* on the ftp server, move this dir to any other location (for example /tmp)
* exit from the dir on the ftp client and... you are in the /tmp dir and can move to other dirs
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
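Why the last step of the report lands outside the FTP root, shown as an added model that is not part of the original report or of FreeBSD's code: a chrooted process's ".." lookup is clamped only when the current directory is the root itself, so a session directory that has been moved out from under the root walks up into its new parent. The directory names and the `cdup_checked` guard are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy directory node: only the parent link matters for ".." lookups. */
struct dir { const char *name; struct dir *parent; };

/* ".." as a chrooted process sees it: the lookup is clamped only when the
 * current directory IS the process root; otherwise it follows the parent. */
static struct dir *dotdot(struct dir *cwd, struct dir *root) {
    return (cwd == root || cwd->parent == NULL) ? cwd : cwd->parent;
}

/* Containment check: walk the parent links and see whether root is met. */
static int inside(const struct dir *cwd, const struct dir *root) {
    for (; cwd != NULL; cwd = cwd->parent)
        if (cwd == root)
            return 1;
    return 0;
}

/* Hypothetical guard: refuse to go up once cwd is no longer below root. */
static struct dir *cdup_checked(struct dir *cwd, struct dir *root) {
    return inside(cwd, root) ? dotdot(cwd, root) : NULL;
}

/* Constructed tree: / holds tmp and ftp (the anonymous root, name assumed);
 * "upload" is the directory the client created and entered. With moved != 0
 * it has been renamed into /tmp on the server while still the session cwd.
 * Returns the name reached by one ".."; with guard set, "refused" if denied. */
static const char *cdup_result(int moved, int guard) {
    struct dir slash = {"/", NULL}, tmp = {"tmp", &slash}, ftp = {"ftp", &slash};
    struct dir upload = {"upload", moved ? &tmp : &ftp};
    struct dir *next = guard ? cdup_checked(&upload, &ftp) : dotdot(&upload, &ftp);
    return next ? next->name : "refused";
}

int main(void) {
    printf("not moved:        %s\n", cdup_result(0, 0));
    printf("moved, unguarded: %s\n", cdup_result(1, 0));
    printf("moved, guarded:   %s\n", cdup_result(1, 1));
    return 0;
}
```

The model shows why the move needs write access on the server side of the chroot: the client's own rename requests are resolved inside the root and cannot re-parent the directory above it.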