InfoMagic Internet Tools 1993 July

home *** CD-ROM | disk | FTP | other *** search
/ InfoMagic Internet Tools 1993 July / Internet Tools.iso / RockRidge / archival / ftp / holefixes / ftpfix2 < prev next >
Mailbox/MIME Entity | 1988-11-10 | 4.3 KB
open in:
MacOS 8.1 extracted |
Win98 extracted |
DOS extracted
browse contents |
view JSON data |
view as text

This file was processed as: Mailbox/MIME Entity (archive/mbox).
Confidence	Program	Detection	Match Type	Support
`100%`	dexvert	Mailbox/MIME Entity `(archive/mbox)`	magic	Supported
`100%`	dexvert	Internet Message Format `(text/imf)`	magic	Supported
`1%`	dexvert	Text File `(text/txt)`	fallback	Supported
`100%`	file	Mailbox text, 1st line "From Sun-Nets-request@brillig.umd.edu Thu Nov 10 10:45:59 1988 "	default
`99%`	file	C source, ASCII text	default
`100%`	TrID	E-Mail message (Var. 2)	default
`100%`	checkBytes	Printable ASCII	default
`100%`	perlTextCheck	Likely Text (Perl)	default
`100%`	siegfried	x-fmt/111 Plain Text File	default
`100%`	detectItEasy	Format: Plain text[LF]	default
`100%`	xdgMime	application/mbox	default
hex view
+--------+-------------------------+-------------------------+--------+--------+
|00000000| 46 72 6f 6d 20 53 75 6e | 2d 4e 65 74 73 2d 72 65 |From Sun|-Nets-re|
|00000010| 71 75 65 73 74 40 62 72 | 69 6c 6c 69 67 2e 75 6d |quest@br|illig.um|
|00000020| 64 2e 65 64 75 20 20 54 | 68 75 20 4e 6f 76 20 31 |d.edu  T|hu Nov 1|
|00000030| 30 20 31 30 3a 34 35 3a | 35 39 20 31 39 38 38 20 |0 10:45:|59 1988 |
|00000040| 20 0a 52 65 63 65 69 76 | 65 64 3a 20 62 79 20 62 | .Receiv|ed: by b|
|00000050| 72 69 6c 6c 69 67 2e 75 | 6d 64 2e 65 64 75 20 28 |rillig.u|md.edu (|
|00000060| 35 2e 35 38 2f 34 2e 37 | 29 0a 09 69 64 20 41 41 |5.58/4.7|)..id AA|
|00000070| 30 38 32 34 38 3b 20 54 | 68 75 2c 20 31 30 20 4e |08248; T|hu, 10 N|
|00000080| 6f 76 20 38 38 20 31 30 | 3a 34 35 3a 35 39 20 45 |ov 88 10|:45:59 E|
|00000090| 53 54 0a 44 61 74 65 3a | 20 54 68 75 2c 20 31 30 |ST.Date:| Thu, 10|
|000000a0| 20 4e 6f 76 20 38 38 20 | 31 30 3a 34 36 3a 30 30 | Nov 88 |10:46:00|
|000000b0| 20 45 53 54 0a 46 72 6f | 6d 3a 20 73 74 65 76 65 | EST.Fro|m: steve|
|000000c0| 40 75 6d 69 61 63 73 2e | 55 4d 44 2e 45 44 55 20 |@umiacs.|UMD.EDU |
|000000d0| 28 53 74 65 76 65 6e 20 | 44 2e 20 4d 69 6c 6c 65 |(Steven |D. Mille|
|000000e0| 72 29 0a 4d 65 73 73 61 | 67 65 2d 49 64 3a 20 3c |r).Messa|ge-Id: <|
|000000f0| 38 38 31 31 31 30 31 35 | 34 36 2e 41 41 31 35 39 |88111015|46.AA159|
|00000100| 39 39 40 66 6e 6f 72 64 | 2e 75 6d 69 61 63 73 2e |99@fnord|.umiacs.|
|00000110| 55 4d 44 2e 45 44 55 3e | 0a 54 6f 3a 20 73 75 6e |UMD.EDU>|.To: sun|
|00000120| 2d 6e 65 74 73 40 62 72 | 69 6c 6c 69 67 2e 75 6d |-nets@br|illig.um|
|00000130| 64 2e 65 64 75 2c 20 73 | 75 6e 2d 73 70 6f 74 73 |d.edu, s|un-spots|
|00000140| 40 72 69 63 65 2e 65 64 | 75 0a 53 75 62 6a 65 63 |@rice.ed|u.Subjec|
|00000150| 74 3a 20 42 49 47 20 73 | 65 63 75 72 69 74 79 20 |t: BIG s|ecurity |
|00000160| 68 6f 6c 65 20 28 23 32 | 20 6f 66 20 32 29 20 69 |hole (#2| of 2) i|
|00000170| 6e 20 66 74 70 64 0a 53 | 65 6e 64 65 72 3a 20 53 |n ftpd.S|ender: S|
|00000180| 75 6e 2d 4e 65 74 73 2d | 72 65 71 75 65 73 74 40 |un-Nets-|request@|
|00000190| 62 72 69 6c 6c 69 67 2e | 75 6d 64 2e 65 64 75 0a |brillig.|umd.edu.|
|000001a0| 0a 20 20 20 5b 54 6f 20 | 50 68 69 6c 20 52 69 63 |.   [To |Phil Ric|
|000001b0| 65 3a 20 69 66 20 74 68 | 69 73 20 68 61 73 20 61 |e: if th|is has a|
|000001c0| 6c 72 65 61 64 79 20 61 | 70 70 65 61 72 65 64 20 |lready a|ppeared |
|000001d0| 69 6e 20 53 75 6e 2d 53 | 70 6f 74 73 2c 20 66 65 |in Sun-S|pots, fe|
|000001e0| 65 6c 20 66 72 65 65 20 | 6a 75 73 74 0a 74 6f 20 |el free |just.to |
|000001f0| 64 72 6f 70 20 69 74 2e | 20 20 49 27 6d 20 6e 6f |drop it.|  I'm no|
|00000200| 74 20 73 68 6f 6f 74 69 | 6e 67 20 66 6f 72 20 75 |t shooti|ng for u|
|00000210| 6e 6e 65 63 65 73 73 61 | 72 79 20 64 75 70 6c 69 |nnecessa|ry dupli|
|00000220| 63 61 74 69 6f 6e 2c 20 | 6a 75 73 74 20 77 69 64 |cation, |just wid|
|00000230| 65 0a 63 6f 76 65 72 61 | 67 65 2e 2e 2e 20 20 53 |e.covera|ge...  S|
|00000240| 44 4d 5d 0a 0a 20 20 20 | 41 73 20 6d 61 6e 79 20 |DM]..   |As many |
|00000250| 6f 66 20 79 6f 75 20 6b | 6e 6f 77 2c 20 61 20 6d |of you k|now, a m|
|00000260| 61 6a 6f 72 20 62 75 67 | 20 69 6e 20 46 54 50 20 |ajor bug| in FTP |
|00000270| 77 61 73 20 64 69 73 63 | 6f 76 65 72 65 64 2c 20 |was disc|overed, |
|00000280| 6f 72 20 61 74 20 6c 65 | 61 73 74 20 66 69 72 73 |or at le|ast firs|
|00000290| 74 0a 70 75 62 6c 69 63 | 69 7a 65 64 2c 20 73 6f |t.public|ized, so|
|000002a0| 6d 65 74 69 6d 65 20 6c | 61 73 74 20 77 65 65 6b |metime l|ast week|
|000002b0| 20 6f 72 20 74 68 65 72 | 65 61 62 6f 75 74 73 2e | or ther|eabouts.|
|000002c0| 20 20 49 66 20 79 6f 75 | 20 61 72 65 20 70 72 6f |  If you| are pro|
|000002d0| 76 69 64 69 6e 67 0a 61 | 6e 6f 6e 79 6d 6f 75 73 |viding.a|nonymous|
|000002e0| 20 46 54 50 20 6f 6e 20 | 61 6e 79 20 34 2e 5b 32 | FTP on |any 4.[2|
|000002f0| 33 5d 42 53 44 2d 64 65 | 72 69 76 65 64 20 73 79 |3]BSD-de|rived sy|
|00000300| 73 74 65 6d 2c 20 79 6f | 75 20 6e 65 65 64 20 74 |stem, yo|u need t|
|00000310| 6f 20 61 70 70 6c 79 20 | 74 68 65 20 66 69 72 73 |o apply |the firs|
|00000320| 74 0a 70 61 74 63 68 2e | 20 20 54 68 65 20 73 65 |t.patch.|  The se|
|00000330| 63 6f 6e 64 20 70 61 74 | 63 68 20 69 73 20 6e 65 |cond pat|ch is ne|
|00000340| 63 65 73 73 61 72 79 20 | 6f 6e 6c 79 20 6f 6e 20 |cessary |only on |
|00000350| 73 79 73 74 65 6d 73 20 | 75 73 69 6e 67 20 74 68 |systems |using th|
|00000360| 65 20 34 2e 32 42 53 44 | 20 66 74 70 64 0a 28 77 |e 4.2BSD| ftpd.(w|
|00000370| 68 69 63 68 20 6d 65 61 | 6e 73 20 53 75 6e 4f 53 |hich mea|ns SunOS|
|00000380| 20 75 70 20 74 68 72 6f | 75 67 68 20 53 75 6e 4f | up thro|ugh SunO|
|00000390| 73 20 33 2e 35 2c 20 62 | 75 74 20 70 72 6f 62 61 |s 3.5, b|ut proba|
|000003a0| 62 6c 79 20 6e 6f 74 20 | 34 2e 30 2e 29 20 20 45 |bly not |4.0.)  E|
|000003b0| 76 65 6e 20 69 66 0a 79 | 6f 75 27 72 65 20 6e 6f |ven if.y|ou're no|
|000003c0| 74 20 70 72 6f 76 69 64 | 69 6e 67 20 61 6e 6f 6e |t provid|ing anon|
|000003d0| 79 6d 6f 75 73 20 66 74 | 70 2c 20 79 6f 75 20 73 |ymous ft|p, you s|
|000003e0| 68 6f 75 6c 64 20 61 70 | 70 6c 79 20 74 68 65 73 |hould ap|ply thes|
|000003f0| 65 3b 20 49 27 6d 20 6e | 6f 74 20 63 65 72 74 61 |e; I'm n|ot certa|
|00000400| 69 6e 0a 6f 66 66 20 74 | 68 65 20 74 6f 70 20 6f |in.off t|he top o|
|00000410| 66 20 6d 79 20 68 65 61 | 64 20 68 6f 77 20 74 68 |f my hea|d how th|
|00000420| 65 20 73 65 63 6f 6e 64 | 20 62 75 67 20 69 73 20 |e second| bug is |
|00000430| 69 6e 76 6f 6b 65 64 2c | 20 62 75 74 20 49 20 64 |invoked,| but I d|
|00000440| 6f 6e 27 74 20 74 68 69 | 6e 6b 20 69 74 0a 72 65 |on't thi|nk it.re|
|00000450| 71 75 69 72 65 73 20 61 | 6e 6f 6e 79 6d 6f 75 73 |quires a|nonymous|
|00000460| 20 46 54 50 2e 20 20 54 | 68 65 73 65 20 61 72 65 | FTP.  T|hese are|
|00000470| 20 2a 74 77 6f 20 73 65 | 70 61 72 61 74 65 20 62 | *two se|parate b|
|00000480| 75 67 73 2a 2e 0a 0a 20 | 20 20 54 6f 20 68 65 61 |ugs*... |  To hea|
|00000490| 64 20 6f 66 66 20 70 6f | 74 65 6e 74 69 61 6c 20 |d off po|tential |
|000004a0| 66 6c 61 6d 61 67 65 2c | 20 6c 65 74 20 6d 65 20 |flamage,| let me |
|000004b0| 70 6f 69 6e 74 20 6f 75 | 74 20 74 68 61 74 2c 20 |point ou|t that, |
|000004c0| 73 69 6e 63 65 20 74 68 | 69 73 20 69 73 20 61 6e |since th|is is an|
|000004d0| 0a 75 6e 73 65 63 75 72 | 65 20 6c 69 73 74 2c 20 |.unsecur|e list, |
|000004e0| 49 27 6d 20 6e 6f 74 20 | 67 6f 69 6e 67 20 74 6f |I'm not |going to|
|000004f0| 20 62 6c 69 6e 64 6c 79 | 20 70 6f 73 74 20 69 6e | blindly| post in|
|00000500| 66 6f 72 6d 61 74 69 6f | 6e 20 6f 6e 20 68 6f 77 |formatio|n on how|
|00000510| 20 74 6f 20 74 61 6b 65 | 0a 61 64 76 61 6e 74 61 | to take|.advanta|
|00000520| 67 65 20 6f 66 20 74 68 | 65 73 65 20 62 75 67 73 |ge of th|ese bugs|
|00000530| 2e 20 20 41 6c 6c 20 74 | 68 61 74 20 49 20 77 69 |.  All t|hat I wi|
|00000540| 6c 6c 20 74 65 6c 6c 20 | 79 6f 75 20 69 73 20 74 |ll tell |you is t|
|00000550| 68 61 74 20 75 6e 6c 65 | 73 73 20 74 68 65 20 66 |hat unle|ss the f|
|00000560| 69 72 73 74 0a 6f 6e 65 | 20 69 73 20 66 69 78 65 |irst.one| is fixe|
|00000570| 64 2c 20 73 6f 6d 65 6f | 6e 65 20 63 61 6e 20 62 |d, someo|ne can b|
|00000580| 65 63 6f 6d 65 20 72 6f | 6f 74 20 6f 6e 20 79 6f |ecome ro|ot on yo|
|00000590| 75 72 20 73 79 73 74 65 | 6d 20 69 6e 20 61 20 76 |ur syste|m in a v|
|000005a0| 65 72 79 20 73 68 6f 72 | 74 20 74 69 6d 65 2e 0a |ery shor|t time..|
|000005b0| 54 68 65 20 73 65 63 6f | 6e 64 20 6f 6e 65 20 69 |The seco|nd one i|
|000005c0| 73 2c 20 49 20 74 68 69 | 6e 6b 2c 20 6e 6f 74 20 |s, I thi|nk, not |
|000005d0| 71 75 69 74 65 20 74 68 | 61 74 20 62 61 64 2c 20 |quite th|at bad, |
|000005e0| 62 75 74 20 69 74 20 64 | 6f 65 73 20 61 6c 6c 6f |but it d|oes allo|
|000005f0| 77 20 63 72 61 63 6b 65 | 72 73 0a 74 6f 20 62 72 |w cracke|rs.to br|
|00000600| 65 61 6b 20 69 6e 74 6f | 20 6f 74 68 65 72 20 70 |eak into| other p|
|00000610| 65 6f 70 6c 65 27 73 20 | 61 63 63 6f 75 6e 74 73 |eople's |accounts|
|00000620| 2e 20 20 59 6f 75 20 2a | 72 65 61 6c 6c 79 2a 20 |.  You *|really* |
|00000630| 6e 65 65 64 20 74 6f 20 | 64 65 61 6c 20 77 69 74 |need to |deal wit|
|00000640| 68 20 74 68 65 73 65 0a | 66 69 78 65 73 20 2a 73 |h these.|fixes *s|
|00000650| 6f 6f 6e 2a 2e 20 20 49 | 66 20 79 6f 75 20 72 65 |oon*.  I|f you re|
|00000660| 61 6c 6c 79 20 77 61 6e | 74 20 74 6f 20 6b 6e 6f |ally wan|t to kno|
|00000670| 77 20 68 6f 77 20 74 68 | 65 73 65 20 62 75 67 73 |w how th|ese bugs|
|00000680| 20 67 65 74 20 74 72 69 | 67 67 65 72 65 64 2c 20 | get tri|ggered, |
|00000690| 64 72 6f 70 0a 6d 65 20 | 73 6f 6d 65 20 65 6d 61 |drop.me |some ema|
|000006a0| 69 6c 2c 20 61 6e 64 20 | 74 72 79 20 74 6f 20 63 |il, and |try to c|
|000006b0| 6f 6e 76 69 6e 63 65 20 | 6d 65 20 74 68 61 74 20 |onvince |me that |
|000006c0| 79 6f 75 20 6e 65 65 64 | 20 74 6f 20 6b 6e 6f 77 |you need| to know|
|000006d0| 2e 20 20 49 66 20 69 20 | 61 6d 0a 63 6f 6e 76 69 |.  If i |am.convi|
|000006e0| 6e 63 65 64 20 74 68 61 | 74 20 79 6f 75 27 72 65 |nced tha|t you're|
|000006f0| 20 73 6f 6d 65 20 73 79 | 73 74 65 6d 20 61 64 6d | some sy|stem adm|
|00000700| 69 6e 69 73 74 72 61 74 | 6f 72 2c 20 61 6e 64 20 |inistrat|or, and |
|00000710| 6e 6f 74 20 6a 75 73 74 | 20 4a 2e 20 20 52 61 6e |not just| J.  Ran|
|00000720| 64 6f 6d 0a 43 72 61 63 | 6b 65 72 20 28 6e 6f 74 |dom.Crac|ker (not|
|00000730| 20 74 68 61 74 20 74 68 | 65 20 74 77 6f 20 61 72 | that th|e two ar|
|00000740| 65 20 64 69 73 74 69 6e | 63 74 2c 20 6e 65 63 65 |e distin|ct, nece|
|00000750| 73 73 61 72 69 6c 79 29 | 2c 20 49 27 6c 6c 20 6c |ssarily)|, I'll l|
|00000760| 65 74 20 79 6f 75 20 6b | 6e 6f 77 2e 0a 0a 20 20 |et you k|now...  |
|00000770| 20 4e 6f 20 62 69 6e 61 | 72 79 20 66 69 78 65 73 | No bina|ry fixes|
|00000780| 20 61 72 65 20 61 76 61 | 69 6c 61 62 6c 65 2e 20 | are ava|ilable. |
|00000790| 20 53 6f 72 72 79 2e 20 | 20 48 61 76 65 20 66 75 | Sorry. | Have fu|
|000007a0| 6e 2c 20 61 6e 64 20 67 | 6f 6f 64 20 6c 75 63 6b |n, and g|ood luck|
|000007b0| 2e 0a 0a 09 2d 53 74 65 | 76 65 0a 0a 53 70 6f 6b |....-Ste|ve..Spok|
|000007c0| 65 6e 3a 20 53 74 65 76 | 65 20 4d 69 6c 6c 65 72 |en: Stev|e Miller|
|000007d0| 20 20 20 20 44 6f 6d 61 | 69 6e 3a 20 73 74 65 76 |    Doma|in: stev|
|000007e0| 65 40 6d 69 6d 73 79 2e | 75 6d 64 2e 65 64 75 20 |e@mimsy.|umd.edu |
|000007f0| 20 20 20 55 55 43 50 3a | 20 75 75 6e 65 74 21 6d |   UUCP:| uunet!m|
|00000800| 69 6d 73 79 21 73 74 65 | 76 65 0a 50 68 6f 6e 65 |imsy!ste|ve.Phone|
|00000810| 3a 20 2b 31 2d 33 30 31 | 2d 34 35 34 2d 31 38 30 |: +1-301|-454-180|
|00000820| 38 20 20 55 53 50 53 3a | 20 55 4d 49 41 43 53 2c |8  USPS:| UMIACS,|
|00000830| 20 55 6e 69 76 2e 20 6f | 66 20 4d 61 72 79 6c 61 | Univ. o|f Maryla|
|00000840| 6e 64 2c 20 43 6f 6c 6c | 65 67 65 20 50 61 72 6b |nd, Coll|ege Park|
|00000850| 2c 20 4d 44 20 32 30 37 | 34 32 0a 0a 50 2e 53 2e |, MD 207|42..P.S.|
|00000860| 3a 20 20 49 27 76 65 20 | 72 65 61 6c 69 7a 65 64 |:  I've |realized|
|00000870| 20 74 68 61 74 20 74 68 | 69 73 20 6d 65 73 73 61 | that th|is messa|
|00000880| 67 65 20 69 73 20 74 6f | 6f 20 62 69 67 20 74 6f |ge is to|o big to|
|00000890| 20 67 6f 20 69 6e 20 6f | 6e 65 20 63 68 75 6e 6b | go in o|ne chunk|
|000008a0| 2c 20 73 6f 0a 49 27 6d | 20 73 70 6c 69 74 74 69 |, so.I'm| splitti|
|000008b0| 6e 67 20 69 74 20 69 6e | 74 6f 20 74 77 6f 20 70 |ng it in|to two p|
|000008c0| 69 65 63 65 73 2e 20 20 | 54 68 65 20 66 69 72 73 |ieces.  |The firs|
|000008d0| 74 20 69 73 20 74 68 65 | 20 61 6e 6f 6e 79 6d 6f |t is the| anonymo|
|000008e0| 75 73 20 46 54 50 20 70 | 61 74 63 68 2c 20 61 6e |us FTP p|atch, an|
|000008f0| 64 0a 74 68 65 20 73 65 | 63 6f 6e 64 20 69 73 20 |d.the se|cond is |
|00000900| 74 68 65 20 6d 6f 72 65 | 20 67 65 6e 65 72 61 6c |the more| general|
|00000910| 20 70 61 74 63 68 2e 20 | 20 54 68 69 73 20 69 73 | patch. | This is|
|00000920| 20 6d 65 73 73 61 67 65 | 20 23 32 20 6f 66 20 32 | message| #2 of 2|
|00000930| 2e 0a 0a 2d 2d 2d 2d 2d | 20 53 74 61 72 74 20 6f |...-----| Start o|
|00000940| 66 20 73 65 63 6f 6e 64 | 20 6d 65 73 73 61 67 65 |f second| message|
|00000950| 20 2d 2d 2d 2d 2d 0a 44 | 61 74 65 3a 20 4d 6f 6e | -----.D|ate: Mon|
|00000960| 2c 20 37 20 4e 6f 76 20 | 38 38 20 31 36 3a 32 32 |, 7 Nov |88 16:22|
|00000970| 3a 34 35 20 45 53 54 0a | 46 72 6f 6d 3a 20 50 65 |:45 EST.|From: Pe|
|00000980| 74 65 20 43 6f 74 74 72 | 65 6c 6c 20 3c 70 65 74 |te Cottr|ell <pet|
|00000990| 65 40 62 72 69 6c 6c 69 | 67 2e 75 6d 64 2e 65 64 |e@brilli|g.umd.ed|
|000009a0| 75 3e 0a 54 6f 3a 20 70 | 68 61 67 65 40 70 75 72 |u>.To: p|hage@pur|
|000009b0| 64 75 65 2e 65 64 75 0a | 53 75 62 6a 65 63 74 3a |due.edu.|Subject:|
|000009c0| 20 79 65 74 20 61 6e 6f | 74 68 65 72 20 66 74 70 | yet ano|ther ftp|
|000009d0| 64 20 68 6f 6c 65 20 28 | 6f 6e 20 53 75 6e 73 29 |d hole (|on Suns)|
|000009e0| 0a 0a 09 57 65 20 6a 75 | 73 74 20 64 69 73 63 6f |...We ju|st disco|
|000009f0| 76 65 72 65 64 20 74 68 | 69 73 20 6f 6e 20 6f 75 |vered th|is on ou|
|00000a00| 72 20 6d 61 63 68 69 6e | 65 73 2c 20 72 75 6e 6e |r machin|es, runn|
|00000a10| 69 6e 67 20 53 75 6e 4f | 53 20 33 2e 32 2e 20 49 |ing SunO|S 3.2. I|
|00000a20| 27 6d 0a 73 65 6e 64 69 | 6e 67 20 69 74 20 68 65 |'m.sendi|ng it he|
|00000a30| 72 65 20 62 65 63 61 75 | 73 65 20 49 20 66 69 67 |re becau|se I fig|
|00000a40| 75 72 65 20 77 65 20 6d | 69 67 68 74 20 61 73 20 |ure we m|ight as |
|00000a50| 77 65 6c 6c 20 67 65 74 | 20 74 68 65 20 77 6f 72 |well get| the wor|
|00000a60| 64 20 6f 75 74 20 74 6f | 0a 61 73 20 6d 61 6e 79 |d out to|.as many|
|00000a70| 20 6f 66 20 74 68 65 20 | 72 69 67 68 74 20 70 65 | of the |right pe|
|00000a80| 6f 70 6c 65 20 61 73 20 | 70 6f 73 73 69 62 6c 65 |ople as |possible|
|00000a90| 2e 20 54 68 65 20 68 6f | 6c 65 20 64 6f 65 73 6e |. The ho|le doesn|
|00000aa0| 27 74 20 65 78 69 73 74 | 20 69 6e 20 74 68 65 0a |'t exist| in the.|
|00000ab0| 42 65 72 6b 65 6c 65 79 | 20 76 65 72 73 69 6f 6e |Berkeley| version|
|00000ac0| 20 70 6f 73 74 65 64 20 | 6c 61 73 74 20 77 65 65 | posted |last wee|
|00000ad0| 6b 2c 20 73 6f 20 69 66 | 20 79 6f 75 20 72 65 70 |k, so if| you rep|
|00000ae0| 6c 61 63 65 64 20 79 6f | 75 72 20 53 75 6e 20 76 |laced yo|ur Sun v|
|00000af0| 65 72 73 69 6f 6e 0a 77 | 69 74 68 20 74 68 65 20 |ersion.w|ith the |
|00000b00| 42 65 72 6b 65 6c 65 79 | 20 6f 6e 65 2c 20 79 6f |Berkeley| one, yo|
|00000b10| 75 20 73 68 6f 75 6c 64 | 20 62 65 20 66 69 6e 65 |u should| be fine|
|00000b20| 2e 20 42 75 74 20 69 66 | 20 79 6f 75 20 6f 6e 6c |. But if| you onl|
|00000b30| 79 20 70 61 74 63 68 65 | 64 0a 79 6f 75 72 20 53 |y patche|d.your S|
|00000b40| 75 6e 20 76 65 72 73 69 | 6f 6e 20 77 69 74 68 20 |un versi|on with |
|00000b50| 74 68 65 20 42 65 72 6b | 65 6c 65 79 20 66 69 78 |the Berk|eley fix|
|00000b60| 2c 20 79 6f 75 20 61 72 | 65 20 73 74 69 6c 6c 20 |, you ar|e still |
|00000b70| 76 75 6c 6e 65 72 61 62 | 6c 65 20 74 6f 20 74 68 |vulnerab|le to th|
|00000b80| 69 73 0a 6f 6e 65 2e 0a | 0a 53 75 62 6a 65 63 74 |is.one..|.Subject|
|00000b90| 3a 20 53 65 63 75 72 69 | 74 79 20 68 6f 6c 65 20 |: Securi|ty hole |
|00000ba0| 69 6e 20 53 75 6e 20 46 | 54 50 0a 49 6e 64 65 78 |in Sun F|TP.Index|
|00000bb0| 3a 09 2f 75 73 72 2f 73 | 72 63 2f 75 73 72 2e 65 |:./usr/s|rc/usr.e|
|00000bc0| 74 63 2f 66 74 70 63 6d | 64 73 2e 79 20 53 75 6e |tc/ftpcm|ds.y Sun|
|00000bd0| 4f 53 20 33 2e 32 0a 0a | 44 65 73 63 72 69 70 74 |OS 3.2..|Descript|
|00000be0| 69 6f 6e 3a 0a 09 54 68 | 65 20 66 74 70 64 20 64 |ion:..Th|e ftpd d|
|00000bf0| 61 65 6d 6f 6e 20 69 6e | 20 53 75 6e 4f 53 20 68 |aemon in| SunOS h|
|00000c00| 61 73 20 61 20 73 65 63 | 75 72 69 74 79 20 68 6f |as a sec|urity ho|
|00000c10| 6c 65 20 69 6e 20 69 74 | 2c 20 75 6e 72 65 6c 61 |le in it|, unrela|
|00000c20| 74 65 64 20 74 6f 0a 09 | 74 68 65 20 6f 6e 65 20 |ted to..|the one |
|00000c30| 69 6e 76 6f 6c 76 69 6e | 67 20 61 6e 6f 6e 79 6d |involvin|g anonym|
|00000c40| 6f 75 73 20 6c 6f 67 69 | 6e 20 74 68 61 74 20 42 |ous logi|n that B|
|00000c50| 65 72 6b 65 6c 65 79 20 | 70 6f 73 74 65 64 20 61 |erkeley |posted a|
|00000c60| 20 66 69 78 20 66 6f 72 | 2e 0a 09 49 6e 20 74 68 | fix for|...In th|
|00000c70| 69 73 20 6f 6e 65 2c 20 | 6f 6e 63 65 20 79 6f 75 |is one, |once you|
|00000c80| 20 6c 6f 67 20 69 6e 20 | 74 6f 20 61 20 6d 61 63 | log in |to a mac|
|00000c90| 68 69 6e 65 20 61 73 20 | 79 6f 75 72 73 65 6c 66 |hine as |yourself|
|00000ca0| 2c 20 79 6f 75 20 63 61 | 6e 0a 09 62 65 63 6f 6d |, you ca|n..becom|
|00000cb0| 65 20 61 6e 79 6f 6e 65 | 20 65 6c 73 65 20 28 69 |e anyone| else (i|
|00000cc0| 6e 63 6c 75 64 69 6e 67 | 20 72 6f 6f 74 29 20 6f |ncluding| root) o|
|00000cd0| 6e 20 74 68 61 74 20 6d | 61 63 68 69 6e 65 20 61 |n that m|achine a|
|00000ce0| 6e 64 20 77 72 69 74 65 | 20 66 69 6c 65 73 0a 09 |nd write| files..|
|00000cf0| 61 6e 79 77 68 65 72 65 | 20 79 6f 75 20 6c 69 6b |anywhere| you lik|
|00000d00| 65 2e 20 54 68 69 73 20 | 62 75 67 20 65 78 69 73 |e. This |bug exis|
|00000d10| 74 73 20 69 6e 20 53 75 | 6e 4f 53 20 33 2e 30 2c |ts in Su|nOS 3.0,|
|00000d20| 20 33 2e 32 20 61 6e 64 | 20 49 27 6d 20 74 6f 6c | 3.2 and| I'm tol|
|00000d30| 64 0a 09 74 68 61 74 20 | 69 74 20 65 78 69 73 74 |d..that |it exist|
|00000d40| 73 20 69 6e 20 33 2e 34 | 3b 20 49 20 68 61 76 65 |s in 3.4|; I have|
|00000d50| 20 6e 6f 20 69 64 65 61 | 20 69 66 20 69 74 20 69 | no idea| if it i|
|00000d60| 73 20 69 6e 20 66 75 72 | 74 68 65 72 20 72 65 6c |s in fur|ther rel|
|00000d70| 65 61 73 65 73 2e 0a 09 | 59 6f 75 20 6e 65 65 64 |eases...|You need|
|00000d80| 20 74 6f 20 62 65 20 61 | 62 6c 65 20 74 6f 20 6c | to be a|ble to l|
|00000d90| 6f 67 20 69 6e 20 66 69 | 72 73 74 2c 20 74 6f 20 |og in fi|rst, to |
|00000da0| 73 65 74 20 61 20 6c 6f | 67 67 65 64 5f 69 6e 20 |set a lo|gged_in |
|00000db0| 66 6c 61 67 2c 20 73 6f | 0a 09 73 69 74 65 73 20 |flag, so|..sites |
|00000dc0| 77 69 74 68 20 74 68 69 | 73 20 68 6f 6c 65 20 6d |with thi|s hole m|
|00000dd0| 69 67 68 74 20 6e 6f 74 | 20 62 65 20 76 75 6c 6e |ight not| be vuln|
|00000de0| 65 72 61 62 6c 65 20 74 | 6f 20 61 20 6e 65 74 20 |erable t|o a net |
|00000df0| 61 74 74 61 63 6b 2c 20 | 62 75 74 0a 09 49 20 68 |attack, |but..I h|
|00000e00| 61 76 65 6e 27 74 20 63 | 68 65 63 6b 65 64 20 74 |aven't c|hecked t|
|00000e10| 68 69 73 20 6f 75 74 20 | 66 6f 72 20 73 75 72 65 |his out |for sure|
|00000e20| 2e 0a 0a 52 65 70 65 61 | 74 2d 42 79 3a 0a 09 0a |...Repea|t-By:...|
|00000e30| 09 48 61 76 65 6e 27 74 | 20 77 65 20 68 61 64 20 |.Haven't| we had |
|00000e40| 65 6e 6f 75 67 68 20 70 | 72 6f 62 6c 65 6d 73 20 |enough p|roblems |
|00000e50| 6c 61 74 65 6c 79 3f 20 | 42 65 6c 69 65 76 65 20 |lately? |Believe |
|00000e60| 6d 65 2c 20 69 74 27 73 | 20 74 68 65 72 65 2e 0a |me, it's| there..|
|00000e70| 0a 46 69 78 3a 0a 09 46 | 6f 72 20 73 69 74 65 73 |.Fix:..F|or sites|
|00000e80| 20 6c 61 63 6b 69 6e 67 | 20 73 6f 75 72 63 65 2c | lacking| source,|
|00000e90| 20 69 6e 73 74 61 6c 6c | 20 74 68 65 20 76 65 72 | install| the ver|
|00000ea0| 73 69 6f 6e 20 42 65 72 | 6b 65 6c 65 79 20 73 65 |sion Ber|keley se|
|00000eb0| 6e 74 20 6f 75 74 2e 0a | 09 46 6f 72 20 73 69 74 |nt out..|.For sit|
|00000ec0| 65 73 20 77 69 74 68 20 | 73 6f 75 72 63 65 2c 20 |es with |source, |
|00000ed0| 68 65 72 65 20 69 73 20 | 61 20 63 6f 6e 74 65 78 |here is |a contex|
|00000ee0| 74 20 64 69 66 66 3a 0a | 0a 5b 62 61 6c 6c 61 73 |t diff:.|.[ballas|
|00000ef0| 74 20 32 31 5d 20 72 63 | 73 64 69 66 66 20 2d 63 |t 21] rc|sdiff -c|
|00000f00| 33 20 2d 72 31 2e 32 20 | 66 74 70 63 6d 64 2e 79 |3 -r1.2 |ftpcmd.y|
|00000f10| 0a 52 43 53 20 66 69 6c | 65 3a 20 52 43 53 2f 66 |.RCS fil|e: RCS/f|
|00000f20| 74 70 63 6d 64 2e 79 2c | 76 0a 72 65 74 72 69 65 |tpcmd.y,|v.retrie|
|00000f30| 76 69 6e 67 20 72 65 76 | 69 73 69 6f 6e 20 31 2e |ving rev|ision 1.|
|00000f40| 32 0a 64 69 66 66 20 2d | 63 33 20 2d 72 31 2e 32 |2.diff -|c3 -r1.2|
|00000f50| 20 66 74 70 63 6d 64 2e | 79 0a 2a 2a 2a 20 2f 74 | ftpcmd.|y.*** /t|
|00000f60| 6d 70 2f 2c 52 43 53 74 | 31 61 30 32 39 33 35 20 |mp/,RCSt|1a02935 |
|00000f70| 20 20 4d 6f 6e 20 4e 6f | 76 20 20 37 20 31 34 3a |  Mon No|v  7 14:|
|00000f80| 32 32 3a 34 39 20 31 39 | 38 38 0a 2d 2d 2d 20 66 |22:49 19|88.--- f|
|00000f90| 74 70 63 6d 64 2e 79 20 | 20 20 20 53 75 6e 20 4e |tpcmd.y |   Sun N|
|00000fa0| 6f 76 20 20 36 20 32 31 | 3a 32 35 3a 35 38 20 31 |ov  6 21|:25:58 1|
|00000fb0| 39 38 38 0a 2a 2a 2a 2a | 2a 2a 2a 2a 2a 2a 2a 2a |988.****|********|
|00000fc0| 2a 2a 2a 0a 2a 2a 2a 20 | 36 39 2c 37 38 20 2a 2a |***.*** |69,78 **|
|00000fd0| 2a 2a 0a 2d 2d 2d 20 36 | 39 2c 37 39 20 2d 2d 2d |**.--- 6|9,79 ---|
|00000fe0| 2d 0a 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |-.      |        |
|00000ff0| 20 20 3d 20 7b 0a 20 20 | 20 20 20 20 20 20 20 20 |  = {.  |        |
|00001000| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 65 78 |        |      ex|
|00001010| 74 65 72 6e 20 73 74 72 | 75 63 74 20 70 61 73 73 |tern str|uct pass|
|00001020| 77 64 20 2a 73 67 65 74 | 70 77 6e 61 6d 28 29 3b |wd *sget|pwnam();|
|00001030| 0a 20 20 0a 2b 20 20 20 | 20 20 20 20 20 20 20 20 |.  .+   |        |
|00001040| 20 20 20 20 20 20 20 20 | 20 20 20 20 6c 6f 67 67 |        |    logg|
|00001050| 65 64 5f 69 6e 20 3d 20 | 30 3b 0a 20 20 20 20 20 |ed_in = |0;.     |
|00001060| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|00001070| 20 20 20 69 66 20 28 73 | 74 72 63 6d 70 28 24 33 |   if (s|trcmp($3|
|00001080| 2c 20 22 66 74 70 22 29 | 20 3d 3d 20 30 20 7c 7c |, "ftp")| == 0 |||
|00001090| 0a 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |.       |        |
|000010a0| 20 20 20 20 20 20 20 20 | 20 20 20 73 74 72 63 6d |        |   strcm|
|000010b0| 70 28 24 33 2c 20 22 61 | 6e 6f 6e 79 6d 6f 75 73 |p($3, "a|nonymous|
|000010c0| 22 29 20 3d 3d 20 30 29 | 20 7b 0a 20 20 20 20 20 |") == 0)| {.     |
|000010d0| 20 20 20 20 20 20 20 20 | 20 20 20 20 20 20 20 20 |        |        |
|000010e0| 20 20 20 20 20 20 20 20 | 20 20 20 69 66 20 28 28 |        |   if ((|
|000010f0| 70 77 20 3d 20 73 67 65 | 74 70 77 6e 61 6d 28 22 |pw = sge|tpwnam("|
|00001100| 66 74 70 22 29 29 20 21 | 3d 20 4e 55 4c 4c 29 20 |ftp")) !|= NULL) |
|00001110| 7b 0a 0a 0a 2d 2d 2d 2d | 2d 20 45 6e 64 20 6f 66 |{...----|- End of|
|00001120| 20 73 65 63 6f 6e 64 20 | 6d 65 73 73 61 67 65 20 | second |message |
|00001130| 2d 2d 2d 2d 2d 0a       |                         |-----.  |        |
+--------+-------------------------+-------------------------+--------+--------+