Skip Menu |

From Thu Aug 7 15:04:58 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU []) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id PAA03544 for <bugs@RT-11.MIT.EDU>; Thu, 7 Aug 1997 15:04:57 -0400
Received: from by MIT.EDU with SMTP
id AA18226; Thu, 7 Aug 97 15:04:56 EDT
Received: (from root@localhost)
by (8.8.4+UW97.07/8.8.4+UW97.05)
id MAA113060; Thu, 7 Aug 1997 12:04:55 -0700
Message-Id: <>
Date: Thu, 7 Aug 1997 12:04:55 -0700
To: krb5-bugs@MIT.EDU
Subject: ftpd fails to call endusershell()
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 457
>Category: krb5-appl
>Synopsis: ftpd skips endusershell(), can't repeat USER.
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Aug 07 15:05:01 EDT 1997
>Last-Modified: Tue Jul 28 04:58:38 EDT 1998
>Originator: Donn Cave
University of Washington University Computing Services
Show quoted text
>Release: 1.0pl1
Berkeley derived UNIX platforms.
System: AIX melville 2 4 000010504900

Show quoted text
The endusershell() call in gssftp/ftpd/ftpd.c is commented out,
with the annotation "breaks on Solaris 2.4". Without endusershell(),
the USER command fails after the first time, where a normal ftpd
can repeat USER/PASS until it works. Ftpd sleeps between iterations,
so the attack implications of this appear to have already been

Show quoted text
Connect to host where ftpd uses getusershell() to validate the
account (i.e. /etc/shells.) Enter the wrong password, then try the
"user" command over.

Show quoted text
Uncomment endusershell(), at least if not on Solaris 2.4.
Show quoted text

State-Changed-From-To: open-closed
State-Changed-By: mdh
State-Changed-When: Tue Jul 28 04:58:15 1998

This PR duplicates PR 485.

Show quoted text