|Summary:||Login bug in wu-ftpd-2.4.2b18-2.1|
|Product:||[Retired] Red Hat Linux||Reporter:||sweeheng|
|Component:||wu-ftpd||Assignee:||Bernhard Rosenkraenzer <bero>|
|Status:||CLOSED NEXTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||1999-08-23 22:29:27 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description sweeheng 1999-03-18 10:06:31 UTC
I am getting a perculiar behaviour from the wu-ftpd-2.4.2b18-2.1.i386.rpm package downloaded from updates.redhat.com. It is reproducible for me. Scenario: I configured /etc/ftpaccess to allow only guest accounts, ie. no real and anonymous access. I modified the default ftpaccess file so that the first line reads: class guestuser guest * To verify it, I ftp to my machine using various combinations of real, guest and anonymous accounts. Almost every time it works - real and anonymous users rejected while guest admitted if password is right. I said almost because if I do it in the following sequence, I can get anonymous access: 1. FTP to machine; 2. Login as a *valid* guest user ("adam" in this example) Name(machine-name:someuser): adam <Enter> 331 Password required for adam. 3. Provide blank/dummy password. Password: <Enter> 530 Login incorrect. 4. Just as one would expect for the wrong password. However, immediately login as anonymous. ftp> user anonymous <enter> 331 Guest login ok, send your complete ...<blah> 5. Give some random address. Password: email@example.com <Enter> 230 Guest login ok, access restriction apply. Tada! I get anonymous access when I am not supposed to. Seems like the first login as a valid guest user (but with the wrong password) sets some flag which subsequently makes ftpd forget the fact that anonymous access is not allowed. I believe the wu-ftpd VR14 release have the same problem too.
Comment 1 Jeff Johnson 1999-06-07 12:24:59 UTC
Commenting out the 1st class line in /etc/ftpaccess and adding class guestuser guest * guestuser adam after adding user adam verifies that wu-ftpd-2.4.2vr17-3 has this behavior also.
Comment 2 Jeff Johnson 1999-08-23 22:29:59 UTC
Fixed in wu-ftpd-2.5.0-5.