From: Andrew Barros
To: Victor Sudakov
Cc: freebsd-security@FreeBSD.ORG
Date: Mon, 23 Apr 2001 00:28:36 -0400
Subject: Re: Q: Impact of globbing vulnerability in ftpd
Message-ID: <20010423002836.C24869@tjhsst.edu>
In-Reply-To: <20010423111632.B17342@sibptus.tomsk.ru>

The problem lies in that when you tell ftpd to get * it has to make a list
of all those files, now for a really complex pattern like
*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/..
ftpd will take a long time to build the list. That's the globbing vulnerability.

-ajb

On Mon, Apr 23, 2001 at 11:16:32AM +0800, Victor Sudakov wrote:
->Colleagues:
->
->I do not quite understand the impact of the globbing vulnerability.
->
->As far as I understand, it can be exploited only after a user has
->logged in, so ftpd is already chrooted and running with the uid of
->the user at the moment. What serious trouble can an attacker
->cause under these conditions?
->
->Thank you for any input.
->
->--
->Victor Sudakov, VAS4-RIPE, VAS47-RIPN
->2:5005/149@fidonet http://vas.tomsk.ru/
---end quoted text---

--
Andrew Barros
PGP Key Fingerprint: D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8
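
The list-building cost described in the reply can be bounded by capping how many candidate paths an expansion may generate. The following is an added example, not part of the original message and not code from FreeBSD's ftpd; `bounded_glob`, `GlobLimitExceeded`, `make_tree` and `max_paths` are hypothetical names, and the directory tree is constructed sample input.

```python
import fnmatch
import os
import tempfile

class GlobLimitExceeded(Exception):
    """Raised when a pattern generates more candidate paths than allowed."""

def bounded_glob(root, pattern, max_paths=1000):
    """Expand `pattern` one path component at a time below `root`.

    Every candidate path produced at any depth counts against max_paths,
    so the work done is capped, not just the size of the final list.
    """
    produced = 0
    current = [root]
    for comp in pattern.strip("/").split("/"):
        nxt = []
        for base in current:
            if any(ch in comp for ch in "*?["):
                try:
                    names = sorted(os.listdir(base))
                except OSError:  # not a directory, unreadable, or gone
                    continue
                # Like shell globbing, wildcards skip dotfiles unless asked.
                hits = [n for n in names if fnmatch.fnmatchcase(n, comp)
                        and (comp.startswith(".") or not n.startswith("."))]
            else:
                # Literal component such as "..": keep it only if it resolves.
                hits = [comp] if os.path.lexists(os.path.join(base, comp)) else []
            for name in hits:
                produced += 1
                if produced > max_paths:
                    raise GlobLimitExceeded(f"more than {max_paths} paths generated")
                nxt.append(os.path.join(base, name))
        current = nxt
    return current

def make_tree(subdirs):
    """Constructed sample input: a temp directory holding `subdirs` empty dirs."""
    root = tempfile.mkdtemp(prefix="globdemo-")
    for i in range(subdirs):
        os.mkdir(os.path.join(root, f"d{i}"))
    return root

if __name__ == "__main__":
    root = make_tree(3)
    for pairs in range(1, 6):
        pattern = "/".join(["*", ".."] * pairs)
        try:
            print(pairs, len(bounded_glob(root, pattern, max_paths=200)))
        except GlobLimitExceeded as exc:
            print(pairs, "rejected:", exc)
```

With d subdirectories, each additional `*/..` pair multiplies the candidate list by d, so the limit has to apply during expansion, before the full list exists.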