Sun-3 tftp daemon is required on servers but insecure
gnu at hoptoad.UUCP
gnu at hoptoad.UUCP
Sun Apr 20 08:43:05 AEST 1986
Index: network
Category: security
Severity: critical
Status: open
Release: Sun Unix 3.0 FCS
Customer:
John Gilmore
Nebula Consultants
1805 Golden Gate Ave.
San Francisco, CA 94115
+1 415 931 4667 voice
sun!hoptoad!gnu data
Description:
The tftp daemon allows anyone on the internetwork to read
any publicly readable file (e.g. /etc/passwd) on the system.
This has been true since 4.2BSD on Vaxen.
In earlier systems it was possible to turn off this daemon
and avoid the bug. In 3.0, the bug has not been fixed, and
tftp has been made required for servers, since it is used
to boot clients.
Repeat-By:
% tftp host
> get /etc/passwd /tmp/pw
> get /etc/hosts.equiv /tmp/he
> get /.rhosts /tmp/rh
> q
%
examine them, run password breaking programs, break in.
Fix:
Fix the tftp daemon to provide the same level of security
as the ftp daemon (eg. do a "chroot" to a private directory).
--
John Gilmore {sun,ptsfa,lll-crg,ihnp4}!hoptoad!gnu jgilmore at lll-crg.arpa
Post no bills.
More information about the Comp.unix.wizards
mailing list