Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!wuarchive!uunet!mcsun!hp4nl!svin02!eba!ebh.eb.ele.tue.nl!wjw
From: wjw@ebh.eb.ele.tue.nl (Willem Jan Withagen)
Newsgroups: comp.sys.apollo
Subject: Found a bug in 'my'ftpd. Security breach.
Keywords: bug, ftpd, anonymous ftp, security breach.
Message-ID: <1200@eba.eb.ele.tue.nl>
Date: 4 Jun 91 14:53:18 GMT
Sender: news@eb.ele.tue.nl (The News system)
Reply-To: wjw@eb.ele.tue.nl
Organization: Digital Systems, Eindhoven University of Technology, the Netherlands
Lines: 24


                                   
Hi all,

I know that people are using the berkely-ftpd which is patched for
Apollo to give them anonymous ftp. I've added more patches to it.

All these seem to contain a bug. I can't get hold of the original author to 
give him the exact details, but I've been able to reproduce the effects on
another system. As long as ftp-upload is not enabled then 

So I advise people who are using an ftpd derived from the ones described above
to obtain a new version 
	at ftp.eb.ele.tue.nl [131.155.20.25]
        in /pub/apollo/myftpd.tar.v38.Z
                       
Regards,
	Willem Jan.

-- 
Eindhoven University of Technology   DomainName:  wjw@eb.ele.tue.nl    
Digital Systems Group, Room EH 10.10 
P.O. 513                             Tel: +31-40-473401
5600 MB Eindhoven                    The Netherlands