CISCOballgree.gif (326 bytes)Microsoftballgree.gif (326 bytes)UNIX ballgree.gif (326 bytes)Netwareballgree.gif (326 bytes)Password crackballgree.gif (326 bytes)Железные проблемыballgree.gif (326 bytes)О странных вирусах ballgree.gif (326 bytes)Programming

Статьи  ballgree.gif (326 bytes) HackingTools  ballgree.gif (326 bytes) Закон   ballgree.gif (326 bytes) URLs  ballgree.gif (326 bytes) Подвал

Утилиты аудитинга  ballgree.gif (326 bytes) Утилиты системного администратора  ballgree.gif (326 bytes) Утилиты взлома  
ballgree.gif (326 bytes) Методы взлома  ballgree.gif (326 bytes)


| Auto_FTP v0.02 Advisory ( 5 Oct 1999)
Auto_FTP.pl v0.2 Advisory 10/5/99
Nightfall Security Group (www.nfsg.org)

Auto_FTP.pl is a perl script that utilizes a shared directory, anytime
something new is put into the shared directory it transfers it to the
specified ftp site. Auto_FTP is available via freshmeat.net at
http://apps.freshmeat.net/download/938443720/.

Auto_FTP uses a configuration file that can be found in
/etc/auto_ftp.conf, which contains the username, password and IP address
of the remote ftp site in plain text. Thereby allowing anyone
with read access to /etc to view the login and password to the ftp site.

Another problem is that the shared directory by default is /tmp/ftp_tmp
which can be viewed by any users on the machine. If you are transferring
sensitive material with Auto_FTP it won't be
sensitive for much longer.

Auto_FTP does not check to see what user is sending to the shared
directory. Any user on the local system could copy a file to
/tmp/ftp_tmp and have it transferred to the ftp.

Auto_FTP in summary:
- Stores login and password for remote ftp in plaintext configuration
file
- Uses a shared directory to automatically transfer files that by
default can be used and viewed by anyone
- Auto_FTP does not check to see what user sent a specific file to the
shared directory, therefore allowing anyone to copy a file to the shared
directory and have it transferred to the ftp. (The
default shared directory is /tmp/ftp_tmp).

In conclusion this program while it may be a good idea does not concern
itself with security precautions and is therefore not reccomended when
the contents of the data is important. Reminder,
plaintext passwords in a file that can be viewed by anyone is never a
good idea.

Nightfall Security Group (www.nfsg.org)
Advisory --AUTO_FTP.PL-- 10/5/99

  | PGP 6.5.1 has been released  ( 6 Jul 1999 )
Вышла новая версия PGP

  | tcpserver
tcpserver and tcpclient are easy-to-use command-line tools for building TCP client-server applications (альтернатива inetd)

| Sequre Ping 1.
   версия ping под Unix которая позволяет запустить ping со страшными опциями -s или -f только привилегированным пользователям