Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Serv-U FTP Exploit?
From: kevlar () SMARTLINK NET (Kevlar)
Date: Thu, 30 Apr 1998 12:21:37 -0700

One of the orinigal versions had just such an expliot. But that was fixed a
long time ago, when the serv-u program was pretty new. The newest release
is secure as far as I can tell.

At 05:31 PM 4/29/98 -0500, Chris Kline wrote:
I've heard a few rumors about an exploit found in Serv-U FTP that supposedly
compromised all security and gave you full access to the servers hard drive,
including execution permissions.  Because of this I've been warned not to use
it, but no matter how much I search for an exploit, I can't seem to find it.
So can anyone confirm this exploit and show how it's done and what to do to
protect against it?

<Kevlar () smartlink net>

My motto: Be good, Or be good at it.

Oh, I'm sorry... Was I not suposed to EXPORT STRONG CRYPTO?
print pack"C*",split/\D+/,`echo
"16iII*o\U () {$/=$z;[(pop,pop,unpack"H*",<>

Beat your algorithms into swords and your virtual machines into spears...
Let the weak say, "I am strong".

  By Date           By Thread  

Current thread:
  • Re: Serv-U FTP Exploit? Kevlar (Apr 30)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]