www.ProFTPD.de
Topic: Proftpd Security Exploit  (read 672 times)
TL
« on: 23 September 2003, 20:31:35 »

Attention, Proftpd 1.2.7 and later has a bug in ASCII transfer mode that allows an attacker to gain access to the system. The attacker does, however, need write and read permissions. Details at http://xforce.iss.net/xforce/alerts/id/154.
A patched version (with a p after the version number) is available on the Proftpd mirrors.
stonki
« Reply #1 on: 24 September 2003, 09:58:43 »

Quote from: "TL"
Attention, Proftpd 1.2.7 and later has a bug in ASCII transfer mode that allows an attacker to gain access to the system. The attacker does, however, need write and read permissions. Details at http://xforce.iss.net/xforce/alerts/id/154.
A patched version (with a p after the version number) is available on the Proftpd mirrors.


Yep, what a load of crap. proFTPD.de has now been updated!

cu
stonki

www.stonki.de:    the more I see, the more I know.......
www.proftpd.de:   German ProFTPD documentation
www.krename.net:  The batch renamer for KDE
www.kbarcode.net: The barcode solution for KDE
Wörsty
« Reply #2 on: 24 September 2003, 11:06:40 »

mod_exec 0.6.6 no longer compiles in for me. :??
Code:
[root@knowledgebase proftpd-1.2.9rc2p]# cp /usr/src/mod_exec/mod_exec.c contrib/mod_exec.c
[root@knowledgebase proftpd-1.2.9rc2p]# cp /usr/src/mod_wrap-2.0/mod_wrap*.c contrib/
cp: »contrib/mod_wrap.c« überschreiben?
[root@knowledgebase proftpd-1.2.9rc2p]# cp /usr/src/mod_wrap-2.0/mod_wrap*.h contrib/
[root@knowledgebase proftpd-1.2.9rc2p]# cp /usr/src/mod_conf_sql/mod_conf_sql.c contrib/
[root@knowledgebase proftpd-1.2.9rc2p]# ./configure --with-modules=mod_sql:mod_sql_mysql:mod_conf_sql:mod_ifsession:mod_wrap:mod_wrap_file:mod_wrap_sql:mod_tls:mod_exec --with-includes=/usr/include/mysql --with-libraries=/usr/lib/mysql --sysconfdir=/www/conf/
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking whether make sets $(MAKE)... yes
checking for a BSD-compatible install... /usr/bin/install -c
checking for ranlib... ranlib
checking for special C compiler options needed for large files... no
checking for _FILE_OFFSET_BITS value needed for large files... 64
checking for _LARGE_FILES value needed for large files... no
checking whether the C compiler accepts -Wall... yes
checking for getopt... yes
checking how to run the C preprocessor... gcc -E
checking for egrep... grep -E
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for standalone crypt... no
checking for crypt in -lcrypt... yes
checking for standalone gethostbyname... yes
checking for standalone inet_aton... yes
checking for standalone nsl functions... yes
checking for standalone socket functions... yes
checking for _pw_stayopen variable... no
checking krb.h usability... no
checking krb.h presence... no
checking for krb.h... no
checking prot.h usability... no
checking prot.h presence... no
checking for prot.h... no
checking hpsecurity.h usability... no
checking hpsecurity.h presence... no
checking for hpsecurity.h... no
checking for hpsecurity.h workaround... no
checking for dirent.h that defines DIR... yes
checking for library containing opendir... none required
checking for ANSI C header files... (cached) yes
checking for sys/wait.h that is POSIX.1 compatible... yes
checking fcntl.h usability... yes
checking fcntl.h presence... yes
checking for fcntl.h... yes
checking sys/ioctl.h usability... yes
checking sys/ioctl.h presence... yes
checking for sys/ioctl.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking for unistd.h... (cached) yes
checking for memory.h... (cached) yes
checking shadow.h usability... yes
checking shadow.h presence... yes
checking for shadow.h... yes
checking for struct spwd.sp_warn... yes
checking for struct spwd.sp_inact... yes
checking for struct spwd.sp_expire... yes
checking security/pam_appl.h usability... no
checking security/pam_appl.h presence... no
checking for security/pam_appl.h... no
checking pam/pam_appl.h usability... no
checking pam/pam_appl.h presence... no
checking for pam/pam_appl.h... no
checking linux/capability.h usability... yes
checking linux/capability.h presence... yes
checking for linux/capability.h... yes
checking whether to enable mod_cap... yes
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking getopt.h usability... yes
checking getopt.h presence... yes
checking for getopt.h... yes
checking crypt.h usability... yes
checking crypt.h presence... yes
checking for crypt.h... yes
checking bstring.h usability... no
checking bstring.h presence... no
checking for bstring.h... no
checking limits.h usability... yes
checking limits.h presence... yes
checking for limits.h... yes
checking for strings.h... (cached) yes
checking stropts.h usability... yes
checking stropts.h presence... yes
checking for stropts.h... yes
checking sys/file.h usability... yes
checking sys/file.h presence... yes
checking for sys/file.h... yes
checking for sys/types.h... (cached) yes
checking sys/uio.h usability... yes
checking sys/uio.h presence... yes
checking for sys/uio.h... yes
checking for sys/param.h... yes
checking for sys/mount.h... yes
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking netinet/in.h usability... yes
checking netinet/in.h presence... yes
checking for netinet/in.h... yes
checking for netinet/in_systm.h... yes
checking for netinet/ip.h... yes
checking netinet/tcp.h usability... yes
checking netinet/tcp.h presence... yes
checking for netinet/tcp.h... yes
checking arpa/inet.h usability... yes
checking arpa/inet.h presence... yes
checking for arpa/inet.h... yes
checking for sys/stat.h... (cached) yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/termios.h usability... yes
checking sys/termios.h presence... yes
checking for sys/termios.h... yes
checking sys/termio.h usability... no
checking sys/termio.h presence... no
checking for sys/termio.h... no
checking sys/statvfs.h usability... yes
checking sys/statvfs.h presence... yes
checking for sys/statvfs.h... yes
checking sys/vfs.h usability... yes
checking sys/vfs.h presence... yes
checking for sys/vfs.h... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking dirent.h usability... yes
checking dirent.h presence... yes
checking for dirent.h... yes
checking ndir.h usability... no
checking ndir.h presence... no
checking for ndir.h... no
checking sys/ndir.h usability... no
checking sys/ndir.h presence... no
checking for sys/ndir.h... no
checking sys/dir.h usability... yes
checking sys/dir.h presence... yes
checking for sys/dir.h... yes
checking vmsdir.h usability... no
checking vmsdir.h presence... no
checking for vmsdir.h... no
checking utmpx.h usability... yes
checking utmpx.h presence... yes
checking for utmpx.h... yes
checking regex.h usability... yes
checking regex.h presence... yes
checking for regex.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking curses.h usability... yes
checking curses.h presence... yes
checking for curses.h... yes
checking ncurses.h usability... yes
checking ncurses.h presence... yes
checking for ncurses.h... yes
checking for an ANSI C-conforming const... yes
checking for inline... inline
checking for uid_t in sys/types.h... yes
checking for pid_t... yes
checking for size_t... yes
checking for mode_t... yes
checking for off_t... yes
checking type of array argument to getgroups... gid_t
checking for timer_t... yes
checking for short... yes
checking size of short... 2
checking for int... yes
checking size of int... 4
checking for long... yes
checking size of long... 4
checking for long long... yes
checking size of long long... 8
checking for off_t... (cached) yes
checking size of off_t... 8
checking whether time.h and sys/time.h may both be included... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for umode_t... no
checking for ino_t... yes
checking for socklen_t... yes
checking utmp.h usability... yes
checking utmp.h presence... yes
checking for utmp.h... yes
checking whether your struct utmp has ut_user... yes
checking whether your struct utmp has ut_host... yes
checking whether your struct utmp has ut_exit... yes
checking whether your syslog.h defines LOG_CRON... yes
checking whether your syslog.h defines LOG_FTP... yes
checking for d_fd in DIR structure... no
checking for dd_fd in DIR structure... no
checking for __dd_fd in DIR structure... no
checking for working alloca.h... yes
checking for alloca... yes
checking for alloca in -lucb... no
checking whether gcc needs -traditional... no
checking whether setpgrp takes no argument... yes
checking return type of signal handlers... void
checking for vprintf... yes
checking for _doprnt... no
checking for bcopy... yes
checking for crypt... yes
checking for fgetgrent... yes
checking for fgetpwent... yes
checking for flock... yes
checking for freeaddrinfo... yes
checking for gai_strerror... yes
checking for getaddrinfo... yes
checking for getcwd... yes
checking for gethostname... yes
checking for getnameinfo... yes
checking for getopt_long... yes
checking for gettimeofday... yes
checking for inet_aton... yes
checking for inet_ntop... yes
checking for inet_pton... yes
checking for memcpy... yes
checking for mempcpy... yes
checking for mkdir... yes
checking for mkstemp... yes
checking for mlock... yes
checking for mlockall... yes
checking for munlock... yes
checking for munlockall... yes
checking for rmdir... yes
checking for select... yes
checking for setgroups... yes
checking for socket... yes
checking for statfs... yes
checking for strchr... yes
checking for strcoll... yes
checking for strerror... yes
checking for strsep... yes
checking for strtol... yes
checking for setprotoent... yes
checking for endprotoent... yes
checking for vsnprintf... yes
checking for snprintf... yes
checking for setsid... yes
checking for setgroupent... no
checking for seteuid... yes
checking for setegid... yes
checking for siginterrupt... yes
checking for setpgid... yes
checking for regcomp... yes
checking for tzset... yes
checking for pathconf... yes
checking for fpathconf... yes
checking for fgetspent... yes
checking for setpassent... no
checking whether struct addrinfo is defined... yes
checking whether struct sockaddr_storage is defined... yes
checking whether ss_family is defined... yes
checking whether ss_len is defined... no
checking whether __ss_len is defined... no
checking whether setgrent returns void... yes
checking for initscr in -lcurses... yes
checking for initscr in -lncurses... yes
checking for setproctitle... no
checking libutil.h usability... no
checking libutil.h presence... no
checking for libutil.h... no
checking for setproctitle in -lutil... no
checking sys/pstat.h usability... no
checking sys/pstat.h presence... no
checking for sys/pstat.h... no
checking whether __progname and __progname_full are available... yes
checking which argv replacement method to use... writeable
checking whether printf supports %llu format... yes
checking whether gcc accepts -Wno-long-double... no
configure: creating ./config.status
config.status: creating lib/Makefile
config.status: creating modules/Makefile
config.status: creating src/Makefile
config.status: creating src/proftpd.8
config.status: creating src/xferlog.5
config.status: creating utils/Makefile
config.status: creating utils/ftpcount.1
config.status: creating utils/ftpshut.8
config.status: creating utils/ftptop.1
config.status: creating utils/ftpwho.1
config.status: creating Makefile
config.status: creating Make.rules
config.status: creating config.h
config.status: executing default commands
[root@knowledgebase proftpd-1.2.9rc2p]#
[root@knowledgebase proftpd-1.2.9rc2p]# make
echo \#define BUILD_STAMP \"`date`\" >include/buildstamp.h
cd lib/ && make lib
make[1]: Wechsel in das Verzeichnis Verzeichnis »/usr/src/proftpd-1.2.9rc2p/lib«
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c pr_fnmatch.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c sstrncpy.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c strsep.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c vsnprintf.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c glibc-glob.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c glibc-mkstemp.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c pr-syslog.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c pwgrent.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c getopt.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c getopt1.c
ar rc libsupp.a pr_fnmatch.o sstrncpy.o strsep.o vsnprintf.o glibc-glob.o glibc-mkstemp.o pr-syslog.o pwgrent.o getopt.o getopt1.o
ranlib libsupp.a
make[1]: Verlassen des Verzeichnisses Verzeichnis »/usr/src/proftpd-1.2.9rc2p/lib«
cd src/ && make src
make[1]: Wechsel in das Verzeichnis Verzeichnis »/usr/src/proftpd-1.2.9rc2p/src«
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c main.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c timers.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c sets.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c pool.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c regexp.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c dirtree.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c support.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c netaddr.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c inet.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c log.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c bindings.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c scoreboard.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c feat.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c netio.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c response.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c ident.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c data.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c modules.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c auth.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c fsio.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mkhome.c
make[1]: Verlassen des Verzeichnisses Verzeichnis »/usr/src/proftpd-1.2.9rc2p/src«
cd modules/ && make modules
make[1]: Wechsel in das Verzeichnis Verzeichnis »/usr/src/proftpd-1.2.9rc2p/modules«
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_core.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_xfer.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_auth_unix.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_auth_file.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_auth.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_ls.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_log.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_site.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_sql.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_sql_mysql.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_conf_sql.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_ifsession.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_wrap.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_wrap_file.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_wrap_sql.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_tls.c
gcc  -DLINUX  -I.. -I../include -I/usr/include/mysql -O2 -Wall -c mod_exec.c
mod_exec.c: In function `exec_subst_var':
mod_exec.c:402: structure has no member named `remote_ipaddr'
mod_exec.c:402: structure has no member named `remote_ipaddr'
make[1]: *** [mod_exec.o] Fehler 1
make[1]: Verlassen des Verzeichnisses Verzeichnis »/usr/src/proftpd-1.2.9rc2p/modules«
make: *** [modules] Fehler 2                                

RedHat 8.0 (2.4 kernel)
proftpd 1.2.10
-mod_sql_mysql
-mod_wrap
-mod_exec
-mod_ifsession