FTP Security Hole in BeOS 5.x
Posted on: 08/06/2000 03:13 PM

I noticed a post over at BeNews this morning about a security hole in Be's FTP daemon. Here's the skinny (I'll just post the email):

We have discovered a security problem in BeOS 5. If you are running BeOS 5 with the FTP server capability turned on there are some circumstances under which people can access that server without a password. There are two ways to fix the problem:

1) Turn off the FTP server in the Network Preferences panel.

2) Download the replacement libroot.so file located at http://www.be.com/support/updates/. The update is available for both Personal Edition and Pro Edition.

NOTE - This is a release candidate version of libroot.so. We think it's OK, but ... We will have a final version posted Monday. You can use this or use the "turn off FTP" solution in the meantime.

Installation Instructions: Download this file and place it in the /boot/ directory (drop it on the hard drive volume but not into any of the folders). Unzipping it (double-click on it) will install the file in the correct folder. (The correct folder is boot/beos/system/lib/). After installing this file, restart networking. With this new libroot.so file you do not need to turn off the FTP server as described in solution #1.

There you have it!

