Bugtraq: Re: wu-ftpd 2.4.2-beta-13 default UMASK hole

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: wu-ftpd 2.4.2-beta-13 default UMASK hole

From: staikos () 0WNED ORG (George Staikos)
Date: Wed, 11 Jun 1997 17:13:32 -0400


On Wed, 11 Jun 1997, Roy M. Hooper wrote:

The default umask for wu-ftpd 2.4.2-beta-13 is 002.
Since most users on most sites are in the same group, all files created by
users PUTting files would be group writeable by anyone.  Not a good thing.


  I contacted academ software regarding this issue on or about March 13
this year.  The problem was present in beta-12 and beta-13 (perhaps
earlier releases too).  There should hopefully be a patch in beta-14.
I have pasted the request number below...

-----8<------
  [ACADEM-SW-SUPPORT #257] UMASK in wu-ftpd-2.4.2-beta-12
has been received and assigned a request number of 257.
-----8<-----

George

By Date By Thread

Current thread:

wu-ftpd 2.4.2-beta-13 default UMASK hole Roy M. Hooper (Jun 11)
- wu-ftpd 2.4.2-beta-13 default UMASK hole Steve VanDevender (Jun 11)
- Re: wu-ftpd 2.4.2-beta-13 default UMASK hole George Staikos (Jun 11)
- Denial of service (qmail-smtpd) Frank DENIS -Jedi/Sector One- (Jun 11)
- qmail-dos-2.c, another denial of service attack Frank DENIS -Jedi/Sector One- (Jun 11)
- DNS abuse Jordi Murgo (Jun 11)
- Solaris x86 buffer overflows jim bresler (Jun 12)
- CERT Advisory CA-97.18 - Vulnerability in the at(1) program Aleph One (Jun 12)