Important Note for Minix 3 users:
The information on this page is relevant to some releases of Minix 3.
A vulnerable binary version of the ftp daemon was erroneously distributed with
some Beta versions of Minix 3.
Minix ftpd version 2.00 has been released and is now available here at /pub/contrib/ftpd200.tar.Z. As usual, a short descriptive text file is also available: /pub/contrib/ftpd200.txt. The newest version is also available from the site of the author, Michael Temari, as http://TemWare.com/files/ftpd.tar.Z.
If you are running an FTP server on a Minix system, please be aware that a security vulnerability was discovered in ftpd version 1.00. It has been determined that the vulnerability was present in all earlier versions of ftpd, including those released with all versions of Minix 2.0.x through 2.0.4. The vulnerability was fixed with the release of ftpd 1.01 in early February 2005, at the same time that the existence of the problem in earlier versions was announced on comp.os.minix and the minix-l mailing list. If you are running version 1.01 you are probably safe, but upgrading to version 2.00 is recommended. Version 1.01 was the result of a quick effort to fix the vulnerability; version 2.00 reimplements critical parts of the code.
Important: The vulnerability in earlier versions is present whether or not anonymous ftp service is offered. If you are running any version of ftpd earlier than 1.01 on a networked system, you must shut down FTP by disabling startup of the ftp daemon in /etc/rc (or /etc/rc.net in Minix 2.0.4), and you should make sure the ftp daemon cannot run, i.e., 'rm /usr/bin/in.ftpd'.
If you do not need ftp (or any other network service) you are safest if you do not allow the service to run at all and remove the executable from any directory from which it could be started.
The easiest way to determine the version of your ftpd is to connect with the Minix ftp client on the same system and issue a "status" command. This can be done even without logging in. Here's an example:
    ftp>status
    211-parsnip.woodhull.com(192.168.1.90:21) FTP server status:
    Version 2.00 Thu, 17 Mar 2005 20:03:30 EST
    Connected to 192.168.1.90:49194
    Not logged in
    MODE: Stream TYPE: Ascii
    211 End of status
    ftp>
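The version check above can be scripted when several Minix hosts need auditing. The following is an added example, not part of the original page or of ftpd itself: it parses a 211 status reply and maps the reported version onto the advice in this note. The function names are hypothetical, the sample reply is constructed from the session shown above, and fetch_status assumes an FTP server is listening on the local machine.

```python
import re
from ftplib import FTP

# Constructed sample: the status reply shown on this page, one reply line per row.
SAMPLE_REPLY = """211-parsnip.woodhull.com(192.168.1.90:21) FTP server status:
Version 2.00 Thu, 17 Mar 2005 20:03:30 EST
Connected to 192.168.1.90:49194
Not logged in
MODE: Stream TYPE: Ascii
211 End of status"""

VERSION_RE = re.compile(r"^\s*Version\s+(\d+)\.(\d+)\b", re.MULTILINE)


def parse_version(reply):
    """Return (major, minor) from a 211 status reply, or None if absent."""
    lines = reply.strip().splitlines()
    # Any reply that is not a 211 status reply (e.g. an error) is rejected.
    if not lines or not lines[0].startswith("211"):
        return None
    m = VERSION_RE.search(reply)
    return (int(m.group(1)), int(m.group(2))) if m else None


def classify(reply):
    """Map a status reply onto the advice given in this note."""
    version = parse_version(reply)
    if version is None:
        return "unknown: reply has no version line"
    if version < (1, 1):
        return "vulnerable: disable ftpd in /etc/rc and rm /usr/bin/in.ftpd"
    if version < (2, 0):
        return "fixed in 1.01: upgrade to 2.00 recommended"
    return "current: 2.00 or later"


def fetch_status(host="127.0.0.1", timeout=5):
    """Request status from a local ftpd without logging in (assumes it is running)."""
    with FTP() as ftp:
        ftp.connect(host, 21, timeout=timeout)
        return ftp.sendcmd("STAT")  # returns the full multi-line reply as one string


if __name__ == "__main__":
    print(classify(SAMPLE_REPLY))
```

A reply with no version line is reported as unknown rather than safe, so the version should then be confirmed by other means before the daemon is left running.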