From root@melville.u.washington.edu Thu Aug 7 15:04:58 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA03544 for <bugs@RT-11.MIT.EDU>; Thu, 7 Aug 1997 15:04:57 -0400
Received: from melville.u.washington.edu by MIT.EDU with SMTP
id AA18226; Thu, 7 Aug 97 15:04:56 EDT
Received: (from root@localhost)
by melville.u.washington.edu (8.8.4+UW97.07/8.8.4+UW97.05)
id MAA113060; Thu, 7 Aug 1997 12:04:55 -0700
Message-Id: <199708071904.MAA113060@melville.u.washington.edu>
Date: Thu, 7 Aug 1997 12:04:55 -0700
From: donn@u.washington.edu
Reply-To: donn@u.washington.edu
To: krb5-bugs@MIT.EDU
Subject: ftpd fails to call endusershell()
X-Send-Pr-Version: 3.99
System: AIX melville 2 4 000010504900
with the annotation "breaks on Solaris 2.4". Without endusershell(),
the USER command fails after the first time, where a normal ftpd
can repeat USER/PASS until it works. Ftpd sleeps between iterations,
so the attack implications of this appear to have already been
considered.
account (i.e. /etc/shells.) Enter the wrong password, then try the
"user" command over.
State-Changed-From-To: open-closed
State-Changed-By: mdh
State-Changed-When: Tue Jul 28 04:58:15 1998
State-Changed-Why:
This PR duplicates PR 485.
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA03544 for <bugs@RT-11.MIT.EDU>; Thu, 7 Aug 1997 15:04:57 -0400
Received: from melville.u.washington.edu by MIT.EDU with SMTP
id AA18226; Thu, 7 Aug 97 15:04:56 EDT
Received: (from root@localhost)
by melville.u.washington.edu (8.8.4+UW97.07/8.8.4+UW97.05)
id MAA113060; Thu, 7 Aug 1997 12:04:55 -0700
Message-Id: <199708071904.MAA113060@melville.u.washington.edu>
Date: Thu, 7 Aug 1997 12:04:55 -0700
From: donn@u.washington.edu
Reply-To: donn@u.washington.edu
To: krb5-bugs@MIT.EDU
Subject: ftpd fails to call endusershell()
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 457
>Category: krb5-appl
>Synopsis: ftpd skips endusershell(), can't repeat USER.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Aug 07 15:05:01 EDT 1997
>Last-Modified: Tue Jul 28 04:58:38 EDT 1998
>Originator: Donn Cave
>Organization:
University of Washington University Computing Services>Category: krb5-appl
>Synopsis: ftpd skips endusershell(), can't repeat USER.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Aug 07 15:05:01 EDT 1997
>Last-Modified: Tue Jul 28 04:58:38 EDT 1998
>Originator: Donn Cave
>Organization:
Show quoted text
>Release: 1.0pl1
>Environment:
Berkeley derived UNIX platforms.>Environment:
System: AIX melville 2 4 000010504900
Show quoted text
>Description:
The endusershell() call in gssftp/ftpd/ftpd.c is commented out,with the annotation "breaks on Solaris 2.4". Without endusershell(),
the USER command fails after the first time, where a normal ftpd
can repeat USER/PASS until it works. Ftpd sleeps between iterations,
so the attack implications of this appear to have already been
considered.
Show quoted text
>How-To-Repeat:
Connect to host where ftpd uses getusershell() to validate theaccount (i.e. /etc/shells.) Enter the wrong password, then try the
"user" command over.
Show quoted text
>Fix:
Uncomment endusershell(), at least if not on Solaris 2.4.Show quoted text
>Audit-Trail:
State-Changed-From-To: open-closed
State-Changed-By: mdh
State-Changed-When: Tue Jul 28 04:58:15 1998
State-Changed-Why:
This PR duplicates PR 485.
Show quoted text
>Unformatted: