Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1994: Re: wu-ftpd info.

Re: wu-ftpd info.

Christopher Klaus (cklausshadow.net)
Wed, 13 Apr 94 21:03:28 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Tom Fitzgerald: "Re: chrooted superuser (was wu-ftpd info.)"
Previous message: Michael Neuman: "Re: NFS exporting"
In reply to: Marc W. Mengel: "Re: wu-ftpd info."
Next in thread: Paul A Vixie: "Re: wu-ftpd info."

> 
> 
> In <9404131412.AA01024racerx>  you write:
>   
>   What are the dangers posed by someone gaining root access, as through a
>   trojaned ftpd, in a _chrooted_ environment, assuming that the environment
>   gets chrooted before there's any chance of compromise?  Granted, you
>   don't want strangers enabled to wreak havoc with your ftp heirarchy
>   (and planting _more_ trojans), but what kind of threats can be posed
>   to the rest of the system from such a toehold?
> 
> 
> Quickest is to put a mknod  and dump executable in the filetree, start 
> doing mknod's of block devices, have dump spew them back to your local 
> host where you can read any files you want with restore...
> 
With everyone throwing in suggestions of how to exploit this situation,
here's another:  stick a nfs client program on the host and
use it to mount the NFS system, or atleast grab the file handles,
since your requests are coming from the 'trusted' machine, it should be no
problem.  


-- 
Christopher William Klaus  Email: cklausshadow.net  Author:Inet Sec. Scanner
2209 Summit Place Drive,Dunwoody, GA 30350-2430. (404)998-5871.

Next message: Tom Fitzgerald: "Re: chrooted superuser (was wu-ftpd info.)"
Previous message: Michael Neuman: "Re: NFS exporting"
In reply to: Marc W. Mengel: "Re: wu-ftpd info."
Next in thread: Paul A Vixie: "Re: wu-ftpd info."