Package: proftpd
Version: 1.2.10-17
Severity: critical
Justification: root security hole
In the most recent (1.2.10-17) version of proftpd, the permissions used by the daemon are somehow mixed up: both anonymous and authenticated connections are mapped to uid 0/gid 0 in the filesystem. New files and directories are created with uid 0/gid 0 (instead of ftp/nogroup for anonymous connections, resp. the authenticated user). In anon mode, you seem to be trapped in the anon environment and can't delete files. With authenticated connections, you also get root access to the whole system (visible to proftpd) and, as your access is mapped to root/root, you can delete everything you like (thus the critical severity, as this opens root access to the ftp server's file system).

This bug was not reproducible on 1.2.10-16; I had to install 1.2.10-17. The config file wasn't touched during the update to -17.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i586)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.26
Locale: LANG=C, [EMAIL PROTECTED] (charmap=ISO-8859-15)

Versions of packages proftpd depends on:
ii  adduser         3.64           Add and remove users and groups
ii  debconf         1.4.51         Debian configuration management sy
ii  libc6           2.3.2.ds1-22   GNU C Library: Shared libraries an
ii  libpam0g        0.76-22        Pluggable Authentication Modules l
ii  libssl0.9.7     0.9.7g-1       SSL shared libraries
ii  libwrap0        7.6.dbs-8      Wietse Venema's TCP wrappers libra
ii  netbase         4.21           Basic TCP/IP networking system
ii  proftpd-common  1.2.10-17      Versatile, virtual-hosting FTP dae
ii  ucf             1.18           Update Configuration File: preserv

proftpd recommends no packages.
-- debconf information:
* shared/proftpd/anonymous: true
  shared/proftpd/run_inetd_or_standalone: standalone
* shared/proftpd/edit_conffile: false
* shared/proftpd/use_debconf: true
  shared/proftpd/anonymous_access: false
* proftpd/edit_conffile: true
  shared/proftpd/file_changed:
  shared/proftpd/warning:
* shared/proftpd/inetd_or_standalone: inetd
* proftpd/run_inetd_or_standalone: inetd
  shared/proftpd/replace_file_install: false
  shared/proftpd/sql_statements:
* proftpd/anonymous_access: true
  proftpd/sql_statements:
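A quick way to check a host for the symptom described in this report, added here as an example that is not part of the bug report or of the proftpd package: it looks at two things a practitioner would capture on the affected server, the per-connection session processes (from `ps -eo pid,ppid,ruid,euid,comm`) and the ownership of freshly created entries in the FTP tree (from `ls -ln`). The sample outputs below are constructed for the example, not taken from the reporter's system, and the process-tree shape it assumes (one standalone listener, one forked child per connection, all with comm `proftpd`) is an assumption about a standalone-mode proftpd.

```python
"""Audit helpers for the proftpd uid 0/gid 0 symptom.

Check 1: session processes that still have effective uid 0 after login.
Check 2: files or directories in the upload tree owned by uid 0 or gid 0,
         which is what the report says new uploads look like on -17.
"""

# Constructed sample of `ps -eo pid,ppid,ruid,euid,comm` (not captured from
# the reporter's host). 1234 is the standalone listener; 1300-1302 are the
# per-connection session processes it forked. The real uid is shown for
# context only; the check uses the effective uid.
SAMPLE_PS = """\
  PID  PPID  RUID  EUID COMMAND
    1     0     0     0 init
 1234     1     0     0 proftpd
 1300  1234     0     0 proftpd
 1301  1234     0  1001 proftpd
 1302  1234     0   113 proftpd
 1400     1     0     0 sshd
"""

# Constructed sample of `ls -ln` over an upload directory (numeric ids).
# The uid 0/gid 0 entries are the symptom described in the report.
SAMPLE_LS = """\
total 12
drwxr-xr-x 2    0     0 4096 Jun 14 12:00 newdir
-rw-r--r-- 1    0     0 1234 Jun 14 12:01 upload.bin
-rw-r--r-- 1  113 65534   42 Jun 14 11:00 older.txt
-rw-r--r-- 1 1001  1001   99 Jun 14 11:30 alice.txt
"""


def parse_ps(ps_output):
    """Parse `ps -eo pid,ppid,ruid,euid,comm` text into dicts (header skipped)."""
    rows = []
    for line in ps_output.splitlines()[1:]:
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        pid, ppid, ruid, euid, comm = parts
        rows.append({"pid": int(pid), "ppid": int(ppid),
                     "ruid": int(ruid), "euid": int(euid), "comm": comm})
    return rows


def root_session_pids(ps_output, daemon="proftpd"):
    """PIDs of daemon session processes whose effective uid is still 0.

    A session is a daemon process whose parent is itself a daemon process
    (the listener). The listener is expected to be root and is not reported.
    """
    rows = [r for r in parse_ps(ps_output) if r["comm"] == daemon]
    daemon_pids = {r["pid"] for r in rows}
    sessions = [r for r in rows if r["ppid"] in daemon_pids]
    return [r["pid"] for r in sessions if r["euid"] == 0]


def root_owned_entries(ls_output):
    """(name, uid, gid) for every `ls -ln` entry owned by uid 0 or gid 0."""
    hits = []
    for line in ls_output.splitlines():
        if line.startswith("total"):
            continue
        parts = line.split(None, 8)
        if len(parts) < 9:
            continue
        _mode, _links, uid, gid, _size, _mon, _day, _time, name = parts
        if uid == "0" or gid == "0":
            hits.append((name, int(uid), int(gid)))
    return hits


if __name__ == "__main__":
    print("sessions with euid 0:", root_session_pids(SAMPLE_PS))
    print("root-owned entries:", root_owned_entries(SAMPLE_LS))
```

Feed it real output with e.g. `root_session_pids(subprocess.check_output(["ps", "-eo", "pid,ppid,ruid,euid,comm"], text=True))`. A session that has been accepted but not yet logged in is still privileged, so a single transient hit from the first check is not conclusive on its own; the ownership of files created through an authenticated or anonymous session (second check, or simply uploading a test file and running `ls -ln`) is the decisive evidence of the behaviour the report describes.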