Bugtraq: wu-ftpd 2.4.2-beta-13 default UMASK hole

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

wu-ftpd 2.4.2-beta-13 default UMASK hole

From: rhooper () TOYBOX OTTAWA ON CA (Roy M. Hooper)
Date: Wed, 11 Jun 1997 12:06:50 -0400


The default umask for wu-ftpd 2.4.2-beta-13 is 002.
Since most users on most sites are in the same group, all files created by
users PUTting files would be group writeable by anyone.  Not a good thing.

The offending code is in "ftpd.c" line 259:
#if !defined(CMASK) || CMASK == 0
#undef CMASK
#define CMASK 002
#endif

Changing CMASK 002 to CMASK 022 will fix this.

--
Roy Hooper                   rhooper () freenet carleton ca
System Administrator,        "Mom!  I let my mind wander and
Cyberus Online Inc.          it didn't come back!" - Bill Waterson
             Help fight internet spam:  http://www.vix.com/spam/

By Date By Thread

Current thread:

wu-ftpd 2.4.2-beta-13 default UMASK hole Roy M. Hooper (Jun 11)
- wu-ftpd 2.4.2-beta-13 default UMASK hole Steve VanDevender (Jun 11)
- Re: wu-ftpd 2.4.2-beta-13 default UMASK hole George Staikos (Jun 11)
- Denial of service (qmail-smtpd) Frank DENIS -Jedi/Sector One- (Jun 11)
- qmail-dos-2.c, another denial of service attack Frank DENIS -Jedi/Sector One- (Jun 11)
- DNS abuse Jordi Murgo (Jun 11)