[plug] (Fwd) Re: Local exploit for TrollFTPD-1.26

Beau Kuiper kuiperba at cs.curtin.edu.au
Tue Aug 14 10:57:23 WST 2001


On Mon, 13 Aug 2001, J wrote:

> Found this on bugtraq.  Seems like a good idea.
>
> Now, I have a problem, I have a linux gateway/firewall with a few w2k
> boxen behind.
>
> IIS does not *seem* to support virtual domains for ftp.  Not to mention
> that it is a buffer overflow waiting to happen.

The ftp protocol does not support vitual domains. Sorry, can't be done
that way. But, you could mount your smb partitions as subdirectories of
your main ftp area.

>
> So, I could put a 'secure'(ish) ftp with virtual domains on my gateway
> (or another linux box), and smbmount the directories on the webserver's
> behind it.  Or is this madness?

probably madness. But you could use either proftpd, pureftpd, or
muddleftpd to do this. It would probably be best to put it on a machine
behind the firewall, but with a firewall between it and the ISS servers.
But if you really need virtual domains, you are more or less SOL.

The security implications of this could be rather problematic. If your ftp
server is broken into, it could be used to attack the ISS machines (if
there is no protection of those machines from the ftp server machine)

Beau Kuiper
kuiperba at cs.curtin.edu.au

>
> Anyone want to comment on the security implication of this?
>
>
> ------- Forwarded Message Follows -------
> Date sent:      	Mon, 13 Aug 2001 11:22:49 +0200
> From:           	"Jedi/Sector One (Frank DENIS)" <j at jedi.claranet.fr>
> To:             	bugtraq at securityfocus.com
> Subject:        	Re: Local exploit for TrollFTPD-1.26
>
>
>   Pure-FTPd is a derivative of TrollFTPd 1.26.
>
>   However, it doesn't seem to be vulnerable to this attack. The bound
> checking added in TrollFTPD 1.27 have already been implemented in the very
> first version of Pureftpd.
>
>   http://www.pureftpd.org
>
>   Best regards,
>
>             -Frank.
>
>
>




More information about the plug mailing list