|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Wednesday, 22 December 1999||Author: Quentin Cregan|
|Published to: news_enhance_security/Security News||Page: 1/1 - [Std View]|
Major bug in BetaFTPD 0.0.8pre7
[Vuln-Dev] "I had just downloaded this program off of freshmeat to test it. I decided to change it to go on port 21 (ftpd.h). After doing that I configured and made the program. Than I ran it on my system (Linux 2.2.9 RH 6.0) and the following logs tell the rest:" In essence, when run with certain options, BetaFTPD will transfer ownership of its process to the user (shell style), and authenticate users despite a failed login.