OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Frank DENIS (Jedi/Sector One) (j4U.NET)
Date: Tue Mar 13 2001 - 08:24:14 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

      FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module,
    enhancing VFS with FTP volume mounting capabilities.

      However, it has insufficient bounds checking. If a user can enter mount
    options through a wrapper, he can take over the whole system, even with
    restricted capabilities.

      Here's a simple exploit :

    mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...

      The previous command produces an immediate reboot (tested with kernel 2.4.2
    and FTPFS 0.1.1) .

      The author is aware of that vulnerability.

      Best regards,

    --
      -=- Frank DENIS aka Jedi/Sector One < spamjedi.claranet.fr > -=-
    		LINAGORA SA (Paris, France) : http://www.linagora.com