SUMMARY-2: FTPchmodable

From: Tru64 User (tru64user@yahoo.com)
Date: Fri Jun 14 2002 - 15:36:40 EDT


Thanks for the responses I received to the summary,
coming from Damon Goforth, Jay Wren and Dan Riley. All
pointed me in the same, right direction.

FTP WAS chmodable, but only under proper directory
permissions (i.e. the command was executable).

Under proftpd-1.2.4, I added the directive
AllowChmod off
restarted ftpd, and now, even under proper perms, ftp
is not chmodable (message: "Chmod not allowed").

Proftpd documentation has this directive as defaulting
to "off", but I just saw that not to be the case. One
has to define it in the config files.

What can be done with the default Tru64 ftpd, which has
no config file? I guess, switch everything to proftpd or
similar!

Richard.

:::Replies:::

**************************
Hey there -
Here is a way to reproduce the error.

ftp to the remote system, at the prompt type

ftp> quote site chmod [numerical expression, like 0770] filename

That *should* chmod the file

Damon M. Goforth
*******************************
I'm sorry I didn't respond sooner. I believe in your
original message you asked for a way to verify what ISS
was detecting.

Here is a way to do what ISS is doing:

ftp with your client and use the 'site' command. See
site help for more info.

When the site command asks for arguments, give it the
chmod <mode> <filename> command, maybe something like this:
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
pub
welcome.msg
linux
sunfreeware
README
226-Transfer complete.
226 Quotas off
46 bytes received in 0.021 seconds (2.14 Kbytes/s)
ftp> site
(arguments to SITE command) CHMOD 0644 README
550 README: Permission denied
ftp>

ISS is probably complaining that the ability even
exists to do this and not checking whether or not the
permission is available to chmod. It is a good thing
to be able to chmod in FTP; it helps in setting file
modes when uploading world readable files in the case
of a web site or something.

I hope this helps.

--
Jay R. Wren
--- Tru64 User <tru64user@yahoo.com> wrote:
> No takers on this one.
> I could not reproduce what ISS keeps claiming to be a problem.
> Couldn't find much about it on the web either.
> Closest:
> > FTP server allows the chmod command to be executed
> >
> > Risk Level: High
> > Check or Attack Name: FTPchmodable
> >
> > Platforms: FTP
> >
> > Description: Some File Transfer Protocol (FTP) servers could be
> > misconfigured to allow users to execute the chmod command on files
> > under the FTP directory structure. This ability could allow an
> > attacker to modify files or replace them with trojan horse programs.
> >
> > Remedy: Configure your FTP server not to allow users to execute the
> > chmod command.
> >
> > References: Internet Security Systems, Inc., Anonymous FTP FAQ,
> > http://xforce.iss.net/library/faqs/anonftp.php
>
> Thanks
> 
> 
> 
> 
> --- Tru64 User <tru64user@yahoo.com> wrote:
> > Dealing with sec. issues, ISS scanner keeps reporting FTPchmodable.
> > I have double-checked everything I can think of (anonymous FTP,
> > followed all guidelines for setting up anonymous ftp available
> > online) using the default ftpd of 4.0G.
> >
> > Then I took out the 4.0G default ftpd and installed proftpd-1.2.4,
> > with tight security. ISS still reports the same.
> >
> > How can I verify the chmodable (simply ftp'ing and trying chmod for
> > a file of course says command unknown), before declaring this a
> > false positive?
> >
> > Thanks for all ideas in advance.
> > Richard
> >
> > =====
> > 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! - Official partner of 2002 FIFA World Cup
> > http://fifaworldcup.yahoo.com
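A small triage script for the check described in the replies above (Damon's `quote site chmod` and Jay's `SITE CHMOD 0644 README` session), added here as an example; it is not code from the list thread, from ISS or from ProFTPD. It assumes Python 3's standard ftplib and an FTP server you administer yourself; the host name, credentials and file name are placeholders, and the sample reply lines are constructed around the messages the thread quotes rather than captured from a real server.

```python
"""Triage helper for an ISS "FTPchmodable" finding.

Added example for this thread, not code from the list, ISS or ProFTPD.
Assumes Python 3's standard ftplib and a server you administer; the host,
credentials and file name used below are placeholders.
"""
import ftplib

# Verdicts from the administrator's point of view.
ACCEPTED = "accepted"                  # server changed the mode: chmodable
DENIED_BY_PERMS = "denied-by-perms"    # command exists, only filesystem perms refused it
DENIED_BY_POLICY = "denied-by-policy"  # server policy refuses it (e.g. ProFTPD "Chmod not allowed")
NOT_IMPLEMENTED = "not-implemented"    # server has no SITE CHMOD at all
INCONCLUSIVE = "inconclusive"          # transient or unexpected reply


def classify_site_chmod_reply(reply: str) -> str:
    """Map a single FTP reply line to a verdict.

    Reply-code classes follow RFC 959 (2xx success, 5xx permanent failure);
    the message texts matched are the ones seen in this thread plus the
    usual "command not understood" wording of servers lacking SITE CHMOD.
    """
    code, _, text = reply.strip().partition(" ")
    text = text.lower()
    if code.startswith("2"):
        return ACCEPTED
    if code in ("500", "502") or "not understood" in text \
            or "not implemented" in text or "unknown" in text:
        return NOT_IMPLEMENTED
    if "not allowed" in text:
        return DENIED_BY_POLICY
    if code.startswith("5") and "permission denied" in text:
        return DENIED_BY_PERMS
    return INCONCLUSIVE


def scanner_would_flag(verdict: str) -> bool:
    """Jay Wren's reading of the finding: the scanner reports that SITE CHMOD
    *exists*, so a 'Permission denied' still counts as chmodable."""
    return verdict in (ACCEPTED, DENIED_BY_PERMS)


def probe_site_chmod(host, user="anonymous", password="audit@example.invalid",
                     path="README", mode="0644", timeout=10):
    """Log in and issue SITE CHMOD against one file, returning (reply, verdict).

    Run it against your own server, on a file that already has `mode` (the
    thread uses 0644 on README), so a permissive server's state is unchanged.
    """
    with ftplib.FTP() as ftp:
        ftp.connect(host, 21, timeout=timeout)
        ftp.login(user, password)
        try:
            reply = ftp.sendcmd(f"SITE CHMOD {mode} {path}")
        except ftplib.Error as exc:  # error_perm / error_temp carry the reply line
            reply = str(exc)
    return reply, classify_site_chmod_reply(reply)


# Constructed sample replies (not captured from a real server) covering the
# cases discussed in the thread.
SAMPLE_REPLIES = [
    "550 README: Permission denied",              # Jay's session: command exists
    "550 Chmod not allowed",                      # ProFTPD after AllowChmod off
    "500 'SITE CHMOD': command not understood",   # server without SITE CHMOD
    "200 SITE CHMOD command successful",          # server changed the mode
]


def triage_samples(replies=SAMPLE_REPLIES):
    """Return {reply: (verdict, scanner_flags)} for a list of reply lines."""
    result = {}
    for reply in replies:
        verdict = classify_site_chmod_reply(reply)
        result[reply] = (verdict, scanner_would_flag(verdict))
    return result


if __name__ == "__main__":
    for reply, (verdict, flagged) in triage_samples().items():
        print(f"{reply!r:46} -> {verdict:17} scanner flags: {flagged}")
    # Live check against a server you administer (placeholder host):
    # print(probe_site_chmod("ftp.example.invalid"))
```

The verdicts separate "command disabled by server policy" (what `AllowChmod off` produces) from "command present but refused by filesystem permissions", which is the distinction Jay suggests the scanner does not make; only the first clears the finding rather than explaining it.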


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:48:44 EDT