misc/72508: Anyone can change root on anonymous ftp
Night Elf
johnnytk at math.dvgu.ru
Mon Oct 11 07:20:18 PDT 2004
The following reply was made to PR misc/72508; it has been noted by GNATS.
From: Night Elf <johnnytk at math.dvgu.ru>
To: bug-followup at FreeBSD.org
Cc:
Subject: Re: misc/72508: Anyone can change root on anonymous ftp
Date: Tue, 12 Oct 2004 01:15:46 +1100
|<-220 server FTP server (Version 6.00LS) ready.
|->USER anonymous
|<-331 Guest login ok, send your email address as password.
|->PASS *hidden*
|<-230 Guest login ok, access restrictions apply.
|->SYST
|<-215 UNIX Type: L8 Version: BSD-199506
|->PWD
|<-257 "/" is current directory.
|->REST 0
|<-350 Restarting at 0. Send STORE or RETRIEVE to initiate transfer.
|->PORT 192,168,1,2,8,58
|<-200 PORT command successful.
|->LIST -la
|<-150 Opening ASCII mode data connection for '/bin/ls'.
|<-226 Transfer complete.
|->CWD incoming
|<-250 CWD command successful.
|->PWD
|<-257 "/incoming" is current directory.
|->PORT 192,168,1,2,8,59
|<-200 PORT command successful.
|->LIST -la
|<-150 Opening ASCII mode data connection for '/bin/ls'.
|<-226 Transfer complete.
|->MKD upload
|<-257 "upload" directory created.
|->PORT 192,168,1,2,8,60
|<-200 PORT command successful.
|->LIST -la /incoming/upload/plan.htm
|<-150 Opening ASCII mode data connection for '/bin/ls'.
|<-226 Transfer complete.
|->SIZE /incoming/upload/plan.htm
|<-550 /incoming/upload/plan.htm: No such file or directory.
|->TYPE I
|<-200 Type set to I.
|->PORT 192,168,1,2,8,61
|<-200 PORT command successful.
|->STOR /incoming/upload/plan.htm
|<-150 Opening BINARY mode data connection for '/incoming/upload/plan.htm'.
|<-226 Transfer complete (unique file name:/incoming/upload/plan.htm).
|->PORT 192,168,1,2,8,62
|<-200 PORT command successful.
|->TYPE A
|<-200 Type set to A.
|->LIST -la
|<-150 Opening ASCII mode data connection for '/bin/ls'.
|<-226 Transfer complete.
|->TYPE I
|<-200 Type set to I.
|->CWD upload
|<-250 CWD command successful.
|->PWD
|<-257 "/incoming/upload" is current directory.
|->PORT 192,168,1,2,8,63
|<-200 PORT command successful.
|->TYPE A
|<-200 Type set to A.
|->LIST -la
|<-150 Opening ASCII mode data connection for '/bin/ls'.
|<-226 Transfer complete.
//dir moved on server
|->TYPE I
|<-200 Type set to I.
|->PORT 192,168,1,2,8,64
|<-200 PORT command successful.
|->TYPE A
|<-200 Type set to A.
|->LIST -la
|<-150 Opening ASCII mode data connection for '/bin/ls'.
|<-226 Transfer complete.
|->TYPE I
|<-200 Type set to I.
|->CWD ..
|<-250 CWD command successful.
|->PWD
|<-257 "/usr/local/apache/data/htdocs/antipav" is current directory.
|->PORT 192,168,1,2,8,65
|<-200 PORT command successful.
|->TYPE A
|<-200 Type set to A.
|->LIST -la
|<-150 Opening ASCII mode data connection for '/bin/ls'.
|<-226 Transfer complete.
|->TYPE I
|<-200 Type set to I.
Monday, October 11, 2004, 10:40:50 PM, you wrote:
CD> Synopsis: Anyone can change root on anonymous ftp
CD> State-Changed-From-To: open->feedback
CD> State-Changed-By: ceri
CD> State-Changed-When: Mon Oct 11 11:37:29 GMT 2004
CD> State-Changed-Why:
CD> To help us understand this better, could you please copy in a transcript
CD> of a session by mailing it to bug-followup at FreeBSD.org, leaving the
CD> subject line intact? Thanks.
CD> http://www.freebsd.org/cgi/query-pr.cgi?pr=72508
--==winnehr==--
aka
--==Night Elf==--
ICQ: 147472743
http://jsoft.monolit-r.ru/
More information about the freebsd-bugs
mailing list