Date: Mon, 23 Apr 2001 00:28:36 -0400 From: Andrew Barros <abarros@tjhsst.edu> To: Victor Sudakov <sudakov@sibptus.tomsk.ru> Cc: freebsd-security@FreeBSD.ORG Subject: Re: Q: Impact of globbing vulnerability in ftpd Message-ID: <20010423002836.C24869@tjhsst.edu> In-Reply-To: <20010423111632.B17342@sibptus.tomsk.ru>; from sudakov@sibptus.tomsk.ru on Mon, Apr 23, 2001 at 11:16:32AM %2B0800 References: <20010423111632.B17342@sibptus.tomsk.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--9Ek0hoCL9XbhcSqy Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable The problem lies in that when you tell ftpd to get * it has to make a list= =20 of all those files, now for a really complex pattern like=20 */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../= */../*/.. ftpd will take a long time to build the list. Thats the globbing vulnerabi= lity. -ajb On Mon, Apr 23, 2001 at 11:16:32AM +0800, Victor Sudakov wrote: ->Colleagues: -> ->I do not quite understand the impact of the globbing vulnerability. -> ->As far as I understand, it can be exploited only after a user has ->logged in, so ftpd is already chrooted and running with the uid of ->the user at the moment. What serious trouble can an attacker ->cause under these conditions? -> ->Thank you for any input. -> ->--=20 ->Victor Sudakov, VAS4-RIPE, VAS47-RIPN ->2:5005/149@fidonet http://vas.tomsk.ru/ -> ->To Unsubscribe: send mail to majordomo@FreeBSD.org ->with "unsubscribe freebsd-security" in the body of the message ---end quoted text--- --=20 Andrew Barros <abarros@tjhsst.edu> PGP Key Fingerprint: D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8 --9Ek0hoCL9XbhcSqy Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE64690ChurNrZVH7gRAgLvAJ4qSQZ+poEiWdLKxsjo3cSrhaE6MgCeLGyl 5KkH1DjQl64N9gQBfZUnfgg= =SEnO -----END PGP SIGNATURE----- --9Ek0hoCL9XbhcSqy-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010423002836.C24869>