From root@melville.u.washington.edu Thu Aug 7 15:04:58 1997 Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA03544 for ; Thu, 7 Aug 1997 15:04:57 -0400 Received: from melville.u.washington.edu by MIT.EDU with SMTP id AA18226; Thu, 7 Aug 97 15:04:56 EDT Received: (from root@localhost) by melville.u.washington.edu (8.8.4+UW97.07/8.8.4+UW97.05) id MAA113060; Thu, 7 Aug 1997 12:04:55 -0700 Message-Id: <199708071904.MAA113060@melville.u.washington.edu> Date: Thu, 7 Aug 1997 12:04:55 -0700 From: donn@u.washington.edu Reply-To: donn@u.washington.edu To: krb5-bugs@MIT.EDU Subject: ftpd fails to call endusershell() X-Send-Pr-Version: 3.99 >Number: 457 >Category: krb5-appl >Synopsis: ftpd skips endusershell(), can't repeat USER. >Confidential: no >Severity: non-critical >Priority: low >Responsible: krb5-unassigned >State: closed >Class: sw-bug >Submitter-Id: unknown >Arrival-Date: Thu Aug 07 15:05:01 EDT 1997 >Last-Modified: Tue Jul 28 04:58:38 EDT 1998 >Originator: Donn Cave >Organization: University of Washington University Computing Services >Release: 1.0pl1 >Environment: Berkeley derived UNIX platforms. System: AIX melville 2 4 000010504900 >Description: The endusershell() call in gssftp/ftpd/ftpd.c is commented out, with the annotation "breaks on Solaris 2.4". Without endusershell(), the USER command fails after the first time, where a normal ftpd can repeat USER/PASS until it works. Ftpd sleeps between iterations, so the attack implications of this appear to have already been considered. >How-To-Repeat: Connect to host where ftpd uses getusershell() to validate the account (i.e. /etc/shells.) Enter the wrong password, then try the "user" command over. >Fix: Uncomment endusershell(), at least if not on Solaris 2.4. >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: mdh State-Changed-When: Tue Jul 28 04:58:15 1998 State-Changed-Why: This PR duplicates PR 485. >Unformatted: