4535290 1999-11-29  22:21  /62 rader/ Postmaster
Mottagare: Bugtraq (import) <8705>
Ärende: wu-ftpd bug
------------------------------------------------------------
Approved-By: aleph1@SECURITYFOCUS.COM
Delivered-To: bugtraq@lists.securityfocus.com
Delivered-To: bugtraq@securityfocus.com
X-Sender: marcys@pentium.localdomain
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID:  <Pine.LNX.4.10.9911291642130.1580-100000@pentium.localdomain>
Date:         Mon, 29 Nov 1999 17:43:16 +0100
Reply-To: m4rcyS <marcys@FREE.COM.PL>
Sender: Bugtraq List <BUGTRAQ@SECURITYFOCUS.COM>
From: m4rcyS <marcys@FREE.COM.PL>
X-To:         bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM

I guess some people hope to find here remote shell xploit, huehue.
Calm down, not this time ;) OK, let's go. Everything happens on
vanilla RH 6.1 box.

$ man ftpaccess

       guestserver [<hostname>]
            Controls  which  hosts  may  be used for anonymous or
            guest access.  If used without <hostname>, denies all
            guest  or  anonymous  access to this site.  More than
            one <hostname> may be specified.  Guest and anonymous
            access  will  only  be allowed on the named machines.
            If access is denied, the user will be ased to use the
            first <hostname> listed.


This one looks especially interesting: "If used without <hostname>, denies
all guest or anonymous access to this site."
Hmm, let's try:

# echo guestserver >>/etc/ftpaccess
$ ftp 0
Connected to 0.
220 FTP server ready.
Name (0:marcys): ftp
331 Guest login ok, send your complete e-mail address as password.

Huh ? Pretty funny :) Now there're 3 possibilities:
1. ftpd bug
2. man page bug
3. I'm misunderstanding all this stuff

Which one's correct ?

PS.: One thing I'm sure. There is a bug in manpage. Patch? It's
     straightforward - just do:
     sed -e 's/ased/asked/g' /usr/man/man5/ftpaccess.5 >~/abc ;
     mv -f ~/abc /usr/man/man5/ftpaccess.5
     ;))


greetz,
____________________________________________________________
                              m4rcyS
                   email: marcel@linux.com.pl, m@sh.pl
"I think there is a world market for maybe five computers."
                     - Thomas Watson, chairman of IBM, 1943
------------------------------------------------------------
(4535290) -----------------------------------