
SANS ISC: Solaris 9 in.ftpd security flaw - Internet Security | DShield SANS ISC InfoSec Forums


Solaris 9 in.ftpd security flaw
Good afternoon all,

In the midst of the Microsoft Word 0-day vulnerability (and the start of the summer vacation season), a few security issues managed to be overlooked by me this past week. 

Sun Microsystems released an advisory concerning a security flaw in the ftp daemon installed by default in Solaris 9. This vulnerability may allow local or remote unprivileged users to access directories outside of their home directory or to log in with their $HOME directory set to the root directory of "/" (slash) if certain options are in use.

Sun is working on an appropriate fix, so keep an eye on your log files, or disable the ftp service under Solaris if it is not necessary. For more information, please see the Sunsolve document located at http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1


---
Scott Fendley
Handler on Duty