SUMMARY: FTPchmodable

From: Tru64 User (tru64user@yahoo.com)
Date: Fri Jun 14 2002 - 13:09:59 EDT


No takers on this one.
I could not reproduce what ISS keeps claiming to be a problem.
Couldn't find much about it on the web either.
Closest:
> FTP server allows the chmod command to be executed
>
> Risk Level: High
> Check or Attack Name: FTPchmodable
>
> Platforms: FTP
>
> Description: Some File Transfer Protocol (FTP) servers could be
> misconfigured to allow users to execute the chmod command on files
> under the FTP directory structure. This ability could allow an
> attacker to modify files or replace them with trojan horse programs.
>
> Remedy: Configure your FTP server not to allow users to execute the
> chmod command.
>
> References: Internet Security Systems, Inc., Anonymous FTP FAQ,
> http://xforce.iss.net/library/faqs/anonftp.php
>

Thanks

--- Tru64 User <tru64user@yahoo.com> wrote:
> Dealing with sec. issues, ISS scanner keeps reporting
> FTPchmodable. I have double-checked everything I can
> think of... (anony FTP, followed all guidelines for
> setting up anonymous ftp available online) using
> default ftpd of 4.0G.
>
> Then I took out the 4.0G default ftpd, and installed
> proftpd-1.2.4, with tight security. ISS still reports
> the same.
>
> How can I verify the chmodable (simply ftp'ing and
> trying chmod for a file of course says command
> unknown), before declaring this a false positive?
>
> Thanks for all ideas in advance.
> Richard




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:44 EDT
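
One way to run the verification asked about in the quoted message, as an added example that is not part of the original thread: it sends the server-side `SITE CHMOD` command directly through Python's `ftplib`, so the result does not depend on whether the local ftp client has a `chmod` command, and it classifies the reply code using RFC 959 meanings. The verdict names, `check_server`, `CannedFTP`, the scratch file name and the sample replies are constructed for this example; run `check_server` only against a scratch file created for the test on your own server.

```python
import ftplib

# Reply-code meanings follow RFC 959; the verdict strings are this example's own.
def classify_reply(reply: str) -> str:
    """Map the server's raw reply to SITE CHMOD onto a verdict."""
    code = reply[:3]
    if not code.isdigit():
        return "inconclusive"
    if code.startswith("2"):
        return "chmod-allowed"        # server accepted the mode change
    if code in ("500", "502", "504"):
        return "chmod-unsupported"    # command unknown or not implemented
    if code in ("530", "550", "553"):
        return "chmod-denied"         # understood, refused for this user/file
    return "inconclusive"             # e.g. 501 bad arguments, 4xx transient

def probe_site_chmod(ftp, path: str, mode: str = "644") -> tuple:
    """Send SITE CHMOD for a scratch file; return (verdict, raw reply)."""
    try:
        reply = ftp.sendcmd(f"SITE CHMOD {mode} {path}")
    except (ftplib.error_perm, ftplib.error_temp) as exc:
        reply = str(exc)              # ftplib raises on 4xx/5xx replies
    return classify_reply(reply), reply

def check_server(host, scratch_file, user="anonymous",
                 password="probe@example.invalid"):
    """Log in the way the scanner would and probe one scratch file."""
    with ftplib.FTP(host, timeout=10) as ftp:
        ftp.login(user, password)
        return probe_site_chmod(ftp, scratch_file)

class CannedFTP:
    """Constructed stand-in for ftplib.FTP so the example runs offline."""
    def __init__(self, reply):
        self.reply = reply
    def sendcmd(self, cmd):
        if self.reply[:1] == "5":
            raise ftplib.error_perm(self.reply)
        if self.reply[:1] == "4":
            raise ftplib.error_temp(self.reply)
        return self.reply

if __name__ == "__main__":
    for text in ("200 SITE CHMOD command successful",   # constructed replies
                 "500 'SITE CHMOD': command not understood",
                 "550 scratch.txt: Operation not permitted"):
        print(probe_site_chmod(CannedFTP(text), "scratch.txt"))
```

Repeating the probe for each account type the scanner tests (anonymous and real users) and keeping the raw replies gives the evidence needed to mark the finding as a false positive or not.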