[Home] [Credit Search] [Category Browser] [Staff Roll Call] The LINUX.COM Article Archive
Originally Published: Wednesday, 22 December 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News Page: 1/1 - [Printable]

Major bug in BetaFTPD 0.0.8pre7

[Vuln-Dev] "I had just downloaded this program off of freshmeat to test it. I decided to change it to go on port 21 (ftpd.h). After doing that I configured and made the program. Than I ran it on my system (Linux 2.2.9 RH 6.0) and the following logs tell the rest:" In essence, when run with certain options, BetaFTPD will transfer ownership of its process to the user (shell style), and authenticate users despite a failed login.



Originally published on Linux.com. Released under the Open Content License unless otherwise stated. Notify Gareth Watts of any errors or copyright violations.