lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F0F6BD1.21777.D19007C@localhost>
Date: Sat, 12 Jul 2003 02:00:49 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: bugtraq@...urityfocus.com
Subject: Re: ServU FTP Service (Win32) is able to relay email


Hal Flynn <flynn@...urityfocus.com> apparently replied to someone:

> > ServU FTP Server for Win32 has a Bug that makes it possible to relay
> > email messages anonymously. As described in the RFC documents for FTP
> > (959, 1579, 2228) its not recommendet for the service to accept PORT
> > commands containing target ports above 1024/tcp. Example:
> 
> Nice.  I'd like to point out that this isn't a new issue per se, but
> instead a rehash of something discovered by Hobbit, and described in
> Bugtraq ID 126:
> 
> http://www.securityfocus.com/bid/126
> 
> On another note, in two days, this vuln will be eight years old.  I
> suppose this is an early birthday present.

As I haven't seen the whole of the post you are replying to, I cannot 
be sure of the OP's "intention" as the above may have been (subtly) 
removed from its proper context.

But, FWIW, you should be aware that there are many ServU FTP servers 
out there, sitting on big, fat, open pipes.  The ones I'm thinking of 
have mainly been put there as part of establishing the "pubstro"-style 
warez bot nets.  Given how ServU got to be installed on these machines 
_and remain there_ (usually via ancient IIS exploits or null or 
otherwise easily-guessed admin passwords on Internet-visible Windows 
networking) it's a fair bet that banner scanning and the like to find 
them won't be detected _at the sites hosting these ServU servers_.


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ