ftpd loop hole ?
Gleb Smirnoff
glebius at cell.sick.ru
Tue Feb 24 23:34:32 PST 2004
On Wed, Feb 25, 2004 at 04:58:35AM +0100, Julian Stacey wrote:
J> Some bandwidth thief uploaded videos to my ~ftp/ for bootleggers to download.
...
J> /etc/master.passwd
J> ftp:*:14:5::0:0:Anonymous FTP tower.berklix:/usr1/ftp:/sbin/nologin
...
J> /etc/inetd.conf
J> ftp stream tcp nowait root /usr/libexec/ftpd ftpd -l -l
With configuration described above, you have got an anonymous ftp login.
J> >From man ftpd I can see & have added:
J> -M Prevent anonymous users from creating directories.
I do not see this in your inetd.conf.
Since you have "-l -l", you can obtain all needed information from
log files.
--
Totus tuus, Glebius.
GLEBIUS-RIPN GLEB-RIPE
More information about the freebsd-isp
mailing list