Bugtraq: Re: ftpd: the advisory version

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: ftpd: the advisory version

From: carson () TLA ORG (Carson Gaspar)
Date: Fri, 30 Jun 2000 20:05:20 -0400

"Mike" == Mike Eldridge <diz () CAFES NET> writes:


Mike> On Tue, 27 Jun 2000, Olaf Kirch wrote:

I.e. publicfile is able to drop root privs because it stops using port 20
when creating data connections in response to a PORT command. It's
against the spec but works with most clients.


Mike> Against spec, it may be, but in my opinion, it makes more sense.

FYI, it violates a SHOULD, it doesn't violate a MUST, so it is officially in
spec.

--
Carson Gaspar -- carson () tla org
Queen Trapped in a Butch Body

By Date By Thread

Current thread:

Re: ftpd: the advisory version Valdis Kletnieks (Jun 30)
- Re: ftpd: the advisory version Tom Perrine (Jul 02)
- Conclusion to recent working WuFTPD Exploits Eric Hines (Jul 05)
- <Possible follow-ups>
- Re: ftpd: the advisory version Carson Gaspar (Jun 30)
  - Re: ftpd: the advisory version Mike Gleason (Jul 02)
  - [RHSA-2000:016-03] Multiple local imwheel vulnerabilities bugzilla () REDHAT COM (Jul 03)
  - Re: ftpd: the advisory version monti (Jul 05)
    - Re: ftpd: the advisory version D. J. Bernstein (Jul 06)
    - Re: ftpd: the advisory version monti (Jul 07)