linux, säkerhet

6214279 2001-03-13 15:24 +0100  /27 rader/ Frank DENIS (Jedi/Sector One) <j@4U.NET>
Sänt av: joel@lysator.liu.se
Importerad: 2001-03-14  10:34  av Brevbäraren (som är implementerad i) Python
Extern mottagare: BUGTRAQ@SECURITYFOCUS.COM
Externa svar till: j@4U.NET
Mottagare: Bugtraq (import) <15914>
Ärende: Buffer oveflow in FTPFS (linux kernel module)
------------------------------------------------------------
From: "Frank DENIS (Jedi/Sector One)" <j@4U.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
Message-ID: <20010313152414.A1072@synchron.home.rtchat.com>

  FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel
module, enhancing VFS with FTP volume mounting capabilities.

  However, it has insufficient bounds checking. If a user can enter
mount options through a wrapper, he can take over the whole system,
even with restricted capabilities.

  Here's a simple exploit :

mount -t ftpfs none /mnt -o
ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...

  The previous command produces an immediate reboot (tested with
kernel 2.4.2 and FTPFS 0.1.1) .

  The author is aware of that vulnerability.

  Best regards,

--
  -=- Frank DENIS aka Jedi/Sector One < spam@jedi.claranet.fr > -=-
		LINAGORA SA (Paris, France) : http://www.linagora.com
(6214279) --------------------------------(Ombruten)