Debian Security Advisory

ftpwatch -- root compromise in ftpwatch

Date Reported:
17 Jan 1999
Affected Packages: ftpwatch
Security database references:
In Mitre's CVE dictionary: CVE-1999-0457.
More information:
We have found that the ftpwatch package as distributed in Debian GNU/Linux 1.3 and later distributions has a security problem which makes it trivial for users to gain root access.

We recommend that you remove the ftpwatch package immediately.

We will be working on a new version of ftpwatch to address these issues and will announce that in a new advisory.

A new advisory was never issued. The updated package is available in newer distributions, and its Debian README file contains this:

Due to security problems, FTPWatch no longer installs itself in the
root crontab file. Instead, every user who wants to use it has to place it
in their own crontab. To get a weekly update as before, the following
line could be used:

  47 5    * * 7 /usr/sbin/ftpwatch

This also means that all files in ~/.ftpwatch/ have to be chown'ed to
be owned by the user instead of root.
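As an added example (not from the advisory or the ftpwatch package), a POSIX shell script that carries out the migration the README describes for the current user: it appends the weekly crontab line if it is missing, lists files under ~/.ftpwatch/ still owned by someone else, and can be pointed at root's crontab to check that the old root-run entry is gone. The crontab line and binary path are the ones quoted above; the function names are my own.

```shell
#!/bin/sh
# Added example, not part of the advisory or the ftpwatch package.
# Assumes the binary path and ~/.ftpwatch/ layout quoted in the README.

FTPWATCH_BIN=/usr/sbin/ftpwatch
FTPWATCH_CRON='47 5    * * 7 /usr/sbin/ftpwatch'

# Print 1 if the given crontab text runs ftpwatch on a non-comment line,
# otherwise 0. Used both to avoid duplicate entries and to check whether
# root's crontab (crontab -l -u root) still carries the old entry.
crontab_has_ftpwatch() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' | grep -q "$FTPWATCH_BIN" \
        && echo 1 || echo 0
}

# Print the crontab text with the weekly ftpwatch line appended if missing.
add_ftpwatch_line() {
    if [ "$(crontab_has_ftpwatch "$1")" = 1 ]; then
        printf '%s\n' "$1"
    elif [ -z "$1" ]; then
        printf '%s\n' "$FTPWATCH_CRON"
    else
        printf '%s\n%s\n' "$1" "$FTPWATCH_CRON"
    fi
}

# List entries under a directory not owned by the given user: these are the
# files the README says must be chown'ed after leaving the root crontab.
files_not_owned_by() {
    find "$1" ! -user "$2" 2>/dev/null
}

# Perform the migration for the invoking user.
migrate_ftpwatch() {
    user=$(id -un)
    current=$(crontab -l 2>/dev/null)
    add_ftpwatch_line "$current" | crontab -
    # Only files still owned by someone else need changing.
    files_not_owned_by "$HOME/.ftpwatch" "$user" | while read -r f; do
        chown "$user" "$f"
    done
}
```

Run `crontab_has_ftpwatch "$(crontab -l -u root 2>/dev/null)"` as root; a result of 1 means the old root-level entry the advisory warns about is still installed.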