COMMAND

    ftpd

SYSTEMS AFFECTED

    Systems running InteraNetWare ftp

PROBLEM

    In InteraNetWare there is a hole in the security in the ftp  part.
    If  you  install  the  ftp  then  the server vill give [public] RF
    rights in SYS:ETC !!!!!!! Novell  stores a lot off things  in ETC,
    for example if you use INETCFG to configure remoteconsole  (almost
    everyone does) then the password is stored there, along whith  all
    configuration off NICs, protocols and  filters.  And to bee  shore
    you dont remove the rights they are assigned every 24 hour!!!

    If you  want logging  of all  FTP sessions  then [public] is given
    full rights to the logfile!!!!!  Credit for discovery of this  bug
    goes to Peter Holt <peter@kd.miroi.se>