From owner-freebsd-security Mon Apr 23 2: 2:30 2001
Delivered-To: freebsd-security@freebsd.org
Received: from sibptus.tomsk.ru (sibptus.tomsk.ru [213.59.238.16])
	by hub.freebsd.org (Postfix) with ESMTP id 41F3237B424
	for ; Mon, 23 Apr 2001 02:02:26 -0700 (PDT)
	(envelope-from sudakov@sibptus.tomsk.ru)
Received: (from sudakov@localhost)
	by sibptus.tomsk.ru (8.9.3/8.9.3) id RAA24054
	for security@freebsd.org; Mon, 23 Apr 2001 17:01:03 +0800 (KRAST)
	(envelope-from sudakov)
Date: Mon, 23 Apr 2001 12:39:34 +0800
From: Victor Sudakov
To: Andrew Barros
Subject: Re: Q: Impact of globbing vulnerability in ftpd
Message-ID: <20010423123934.A19055@sibptus.tomsk.ru>
References: <20010423111632.B17342@sibptus.tomsk.ru> <20010423002836.C24869@tjhsst.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <20010423002836.C24869@tjhsst.edu>; from abarros@tjhsst.edu on Mon, Apr 23, 2001 at 12:28:36AM -0400
Organization: AO "Svyaztransneft", SibPTUS
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Mon, Apr 23, 2001 at 12:28:36AM -0400, Andrew Barros wrote:
> The problem lies in that when you tell ftpd to get * it has to make a list
> of all those files, now for a really complex pattern like
> */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/..
>
> ftpd will take a long time to build the list. That's the
> globbing vulnerability.

FreeBSD-SA-01:33 thinks otherwise:

III. Impact

Remote users may be able to execute arbitrary code on the FTP server as
the user running ftpd, usually root.
===

What you described is a DoS attack maybe, but I was speaking of the
vulnerability.

>
> -ajb
> On Mon, Apr 23, 2001 at 11:16:32AM +0800, Victor Sudakov wrote:
> ->Colleagues:
> ->
> ->I do not quite understand the impact of the globbing vulnerability.
> ->
> ->As far as I understand, it can be exploited only after a user has
> ->logged in, so ftpd is already chrooted and running with the uid of
> ->the user at the moment. What serious trouble can an attacker
> ->cause under these conditions?
> ->
> ->Thank you for any input.
> ->
> ->--
> ->Victor Sudakov, VAS4-RIPE, VAS47-RIPN
> ->2:5005/149@fidonet http://vas.tomsk.ru/
> ->
> ->To Unsubscribe: send mail to majordomo@FreeBSD.org
> ->with "unsubscribe freebsd-security" in the body of the message
> ---end quoted text---
>
> --
> Andrew Barros
> PGP Key Fingerprint:
> D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8

-- 
Victor Sudakov, VAS4-RIPE, VAS47-RIPN
2:5005/149@fidonet http://vas.tomsk.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
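
Added example, not part of the thread and not FreeBSD's ftpd or glob(3) code: a small expander that charges every directory entry it examines to a work budget and gives up when the budget is spent. It covers only the resource-exhaustion behaviour described in the quoted reply, not the code-execution impact stated in the advisory. The names `expand` and `demo`, the budget values and the temporary directory layout are assumptions made for the illustration.

```c
#define _XOPEN_SOURCE 700
#include <dirent.h>
#include <fnmatch.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

// Expand a '/'-separated pattern below dir, charging every directory entry
// examined to *budget. Returns the match count, or -1 once the budget is spent.
static long expand(const char *dir, const char *pat, long *budget)
{
    char seg[256], path[4096];
    const char *slash = strchr(pat, '/');
    size_t n = slash ? (size_t)(slash - pat) : strlen(pat);
    long total = 0, sub;
    struct dirent *e;
    DIR *d;
    if (n >= sizeof seg) return -1;            // oversized component: refuse
    memcpy(seg, pat, n);
    seg[n] = '\0';
    if ((d = opendir(dir)) == NULL) return 0;  // not a directory: no matches
    while (total >= 0 && (e = readdir(d)) != NULL) {
        if (--*budget < 0) { total = -1; break; }
        if (fnmatch(seg, e->d_name, FNM_PERIOD) != 0) continue;
        if (!slash) { total++; continue; }     // last component: count it
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path)
            sub = -1;                          // path too long: refuse
        else
            sub = expand(path, slash + 1, budget);
        total = sub < 0 ? -1 : total + sub;
    }
    closedir(d);
    return total;
}

// Constructed fixture: a temp dir with ndirs empty subdirectories, matched
// against the thread's pattern shape: "*/../" repeated reps times, then "*".
long demo(int ndirs, int reps, long budget)
{
    char root[] = "/tmp/globdemoXXXXXX", pat[512] = "", sub[64];
    if (reps > 100 || mkdtemp(root) == NULL) return -2;
    for (int i = 0; i < ndirs; i++) { snprintf(sub, sizeof sub, "%s/d%d", root, i); mkdir(sub, 0700); }
    for (int i = 0; i < reps; i++) strcat(pat, "*/../");
    long r = expand(root, strcat(pat, "*"), &budget);
    for (int i = 0; i < ndirs; i++) { snprintf(sub, sizeof sub, "%s/d%d", root, i); rmdir(sub); }
    rmdir(root);
    return r;
}
int main(void) { printf("%ld %ld\n", demo(4, 3, 1000000), demo(4, 8, 10000)); return 0; }
```

With d subdirectories and k repetitions the match count is d^(k+1), which is why each extra `*/..` pair multiplies the work and why the expansion needs a hard cap.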