[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F0F6BD1.21777.D19007C@localhost>
Date: Sat, 12 Jul 2003 02:00:49 +1200
From: Nick FitzGerald <nick@...us-l.demon.co.uk>
To: bugtraq@...urityfocus.com
Subject: Re: ServU FTP Service (Win32) is able to relay email
Hal Flynn <flynn@...urityfocus.com> apparently replied to someone:
> > ServU FTP Server for Win32 has a Bug that makes it possible to relay
> > email messages anonymously. As described in the RFC documents for FTP
> > (959, 1579, 2228) its not recommendet for the service to accept PORT
> > commands containing target ports above 1024/tcp. Example:
>
> Nice. I'd like to point out that this isn't a new issue per se, but
> instead a rehash of something discovered by Hobbit, and described in
> Bugtraq ID 126:
>
> http://www.securityfocus.com/bid/126
>
> On another note, in two days, this vuln will be eight years old. I
> suppose this is an early birthday present.
As I haven't seen the whole of the post you are replying to, I cannot
be sure of the OP's "intention" as the above may have been (subtly)
removed from its proper context.
But, FWIW, you should be aware that there are many ServU FTP servers
out there, sitting on big, fat, open pipes. The ones I'm thinking of
have mainly been put there as part of establishing the "pubstro"-style
warez bot nets. Given how ServU got to be installed on these machines
_and remain there_ (usually via ancient IIS exploits or null or
otherwise easily-guessed admin passwords on Internet-visible Windows
networking) it's a fair bet that banner scanning and the like to find
them won't be detected _at the sites hosting these ServU servers_.
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
Powered by blists - more mailing lists