Originally Published: Wednesday, 22 December 1999 Author: Quentin Cregan
Published to: news_enhance_security/Security News

Major bug in BetaFTPD 0.0.8pre7

[Vuln-Dev] "I had just downloaded this program off of freshmeat to test it. I decided to change it to go on port 21 (ftpd.h). After doing that I configured and made the program. Then I ran it on my system (Linux 2.2.9 RH 6.0) and the following logs tell the rest:" In essence, when run with certain options, BetaFTPD will transfer ownership of its process to the user (shell style), and authenticate users despite a failed login.