Bug 67762 - Security problem: ftpaccess file overwriten when using up2date
Security problem: ftpaccess file overwriten when using up2date
Status: CLOSED DUPLICATE of bug 57763
Product: Red Hat Linux
Classification: Retired
Component: wu-ftpd (Show other bugs)
7.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: wdovlrrw
David Lawrence
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-07-01 15:59 EDT by Graham Whiteside
Modified: 2007-04-18 12:43 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 13:49:10 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Graham Whiteside 2002-07-01 15:59:23 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 
1.0.3705)

Description of problem:
The /etc/ftpaccess access file is overwriten when updating system using the 
up2date process. Any config for virtual ftp servers are removed giving 
external users access to other parts of your file system.

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try

Steps to Reproduce:
1.use up2date alow wu-ftp upgrade
2.check /etc/ftpaccess or access using ftp client
3.
	

Actual Results:  External ftp users had access to areas of my server not 
normally allowed.

Expected Results:  /etc/ftpaccess should remain untouched.

Additional info:

Security loophole.
Comment 1 Alan Cox 2002-12-18 12:24:46 EST

*** This bug has been marked as a duplicate of 57763 ***
Comment 2 Red Hat Bugzilla 2006-02-21 13:49:10 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.