Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Frank DENIS (Jedi/Sector One) (j4U.NET)
Date: Tue Mar 13 2001 - 08:24:14 CST
FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module,
enhancing VFS with FTP volume mounting capabilities.
However, it has insufficient bounds checking. If a user can enter mount
options through a wrapper, he can take over the whole system, even with
Here's a simple exploit :
mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...
The previous command produces an immediate reboot (tested with kernel 2.4.2
and FTPFS 0.1.1) .
The author is aware of that vulnerability.
-- -=- Frank DENIS aka Jedi/Sector One < spamjedi.claranet.fr > -=- LINAGORA SA (Paris, France) : http://www.linagora.com