From owner-freebsd-security Tue Apr 24 11:50:24 2001 Delivered-To: freebsd-security@freebsd.org Received: from obsecurity.dyndns.org (adsl-63-207-60-27.dsl.lsan03.pacbell.net [63.207.60.27]) by hub.freebsd.org (Postfix) with ESMTP id A803837B424 for ; Tue, 24 Apr 2001 11:50:22 -0700 (PDT) (envelope-from kris@obsecurity.org) Received: by obsecurity.dyndns.org (Postfix, from userid 1000) id 3FFBC66DF6; Tue, 24 Apr 2001 11:50:22 -0700 (PDT) Date: Tue, 24 Apr 2001 11:50:22 -0700 From: Kris Kennaway To: Victor Sudakov Cc: Crist Clark , Dag-Erling Smorgrav , freebsd-security@FreeBSD.ORG Subject: Re: Q: Impact of globbing vulnerability in ftpd Message-ID: <20010424115022.F89156@xor.obsecurity.org> References: <20010423111632.B17342@sibptus.tomsk.ru> <20010423190737.A25969@sibptus.tomsk.ru> <3AE45EAC.18A180EE@globalstar.com> <20010424100044.B40591@sibptus.tomsk.ru> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="HCdXmnRlPgeNBad2" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010424100044.B40591@sibptus.tomsk.ru>; from sudakov@sibptus.tomsk.ru on Tue, Apr 24, 2001 at 10:00:44AM +0800 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org --HCdXmnRlPgeNBad2 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Tue, Apr 24, 2001 at 10:00:44AM +0800, Victor Sudakov wrote: > Do you know of any exploits that can run arbitrary code via ftpd > not with the euid of the user (possible anonymous) , but with root privileges? I'm sure they exist. Kris --HCdXmnRlPgeNBad2 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQE65crtWry0BWjoQKURAgMZAJ0Q10DKku4ASszj+lAIAhBhJzwyUQCfRz/k EmLi9WYi6NCOvB+QfjaJaPM= =aAen -----END PGP SIGNATURE----- --HCdXmnRlPgeNBad2-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message