ncftp 2.4.2 MkDirs bug
Michal Zalewski (lcamtuf BOSS.STASZIC.WAW.PL)
Thu, 19 Mar 1998 18:49:46 +0100
Bug: ncftp 2.4.2 has the ability to automatically download whole directories (get -R). Unfortunately, when downloaded, directories are created using a system() call. So if somewhere deep in the downloaded directory structure lies a directory called e.g. "`touch GOTCHA`", the given code will be executed without the knowledge or permission of the victim.

Fix: replace the system() call in Util.h with mkdir().

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufboss.staszic.waw.pl]
To iterate is human, to recurse divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
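The fix named in the post, sketched as an added example (not ncftp's code and not part of the original message): a hypothetical mkdirs_noshell() creates every path component with mkdir(2) instead of handing the name to system(), and demo() runs it on a constructed path that contains the directory name from the post. The function names, the 4096-byte path limit and the /tmp scratch directory are assumptions made for the example.

```c
#define _XOPEN_SOURCE 700   /* mkdtemp() under strict -std=c99/c11 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum { MAXPATH = 4096 };

/* Hypothetical helper, not ncftp code: "mkdir -p" without a shell. Each
 * prefix of the path goes straight to mkdir(2), so backticks, ';' and '$'
 * in a server-supplied name are only bytes of a file name. */
int mkdirs_noshell(const char *path, mode_t mode)
{
    char buf[MAXPATH];
    struct stat st;
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof buf) { errno = EINVAL; return -1; }
    memcpy(buf, path, len + 1);
    for (char *p = buf + 1; ; p++) {
        if (*p != '/' && *p != '\0')
            continue;
        char saved = *p;
        *p = '\0';                       /* cut the path at this component */
        if (mkdir(buf, mode) != 0 && errno != EEXIST)
            return -1;
        *p = saved;
        if (saved == '\0')
            break;
    }
    /* EEXIST is also returned for a regular file, so confirm the result */
    return (stat(path, &st) == 0 && S_ISDIR(st.st_mode)) ? 0 : -1;
}

/* Constructed input: the directory name from the post, nested in a path.
 * Returns 0 if it was created literally and no GOTCHA file appeared. */
int demo(void)
{
    char base[] = "/tmp/mkdirs-demo-XXXXXX", path[MAXPATH];
    struct stat st;
    if (mkdtemp(base) == NULL || chdir(base) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/pub/`touch GOTCHA`/src", base);
    if (mkdirs_noshell(path, 0700) != 0)
        return -1;
    return (stat(path, &st) == 0 && S_ISDIR(st.st_mode)
            && stat("GOTCHA", &st) != 0) ? 0 : 1;
}
int main(void) { return demo(); }
```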