TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Hi,
Can any one give me more information on FTPchmodable?
I got the following email from a user.
Thanks,
Dave
David S. Woodruff http://www.lns.mit.edu/~dsw
MIT Lab for Nuclear Science Phone: (617)-253-6943
24-030g, MIT Email: [EMAIL PROTECTED]
77 Massachusetts Avenue FAX: (617)-258-6591
Cambridge, MA, 02139 Call me Ishmael.
---------- Forwarded message ----------
Date: Fri, 9 Feb 2001 11:42:00 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: FTP server allows the chmod command to be executed ?
The specified web page in this message no longer exists, and I can't find any
mention of this problem elsewhere.
> FTP server allows the chmod command to be executed
>
> Risk Level: High Check or Attack Name: FTPchmodable
>
> Platforms: FTP
>
> Description: Some File Transfer Protocol (FTP) servers could be
> misconfigured to allow users to execute the chmod command on files
> under the FTP directory structure. This ability could allow an
> attacker to modify files or replace them with trojan horse programs.
>
> Remedy: Configure your FTP server not to allow users to execute the
> chmod command.
>
> References: Internet Security Systems, Inc., Anonymous FTP FAQ,
> http://xforce.iss.net/library/faqs/anonftp.php
>
>
> David S. Woodruff http://www.lns.mit.edu/~dsw
> MIT Lab for Nuclear Science Phone: (617)-253-6943
> 24-030g, MIT Email: [EMAIL PROTECTED]
> 77 Massachusetts Avenue FAX: (617)-258-6591
> Cambridge, MA, 02139 Call me Ishmael.
>
