Date: 23 Apr 2001 12:16:44 +0200
From: Dag-Erling Smorgrav <des@ofug.org>
To: Victor Sudakov <sudakov@sibptus.tomsk.ru>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Q: Impact of globbing vulnerability in ftpd
Message-ID: <xzpitjvgbub.fsf@flood.ping.uio.no>
In-Reply-To: <20010423111632.B17342@sibptus.tomsk.ru>
References: <20010423111632.B17342@sibptus.tomsk.ru>

Victor Sudakov <sudakov@sibptus.tomsk.ru> writes:
> I do not quite understand the impact of the globbing vulnerability.

There was an exploitable buffer overflow in the globbing code.

> As far as I understand, it can be exploited only after a user has
> logged in, so ftpd is already chrooted

Not necessarily.

> and running with the uid of
> the user at the moment. What serious trouble can an attacker
> cause under these conditions?

Run arbitrary code on the target machine, which may perform operations
(such as creating new directories to store warez) which the FTP server
normally doesn't allow the user to perform, or even exploit a local
root compromise.

DES
-- 
Dag-Erling Smorgrav - des@ofug.org