Bugtraq mailing list archives

Re: WU.FTPD vulnerability: gnu tar possibly others

From: melo () co telenet pt (Pedro Melo)
Date: Mon, 19 Aug 1996 18:53:58 GMT


On Mon, 19 Aug 1996 14:09:19 +0100, you wrote:

quote site exec tar  -c -v --rsh-command=commandtorunasftp -f somebox:foo foo

Gnu tar allows you to specify which binary you wish to run.

Fix:
       Use a dumber tar. Also carefully evaluate any other binaries
you have to avoid unpleasant and similar suprises.


Better Fix:
  Disable site exec. You can give the tar benefits without site exec. See
ftpconversions, if I'm not mistaken...

Melo

--
************** Pedro Melo (melo () co telenet pt) BOFH ******************
* TELENET, Servicos de Telecomunicacoes, SA   -  Tel. +351 1 3871010 *
* finger melo () finger co telenet pt or search key servers for PGP key *
************* http://www.co.telenet.pt/personal/melo/ ****************

Current thread:

Re: libresolv+ bug, (continued)
- - - Re: libresolv+ bug Nelson Murilo (Aug 18)
    - Re: libresolv+ bug Brian Mitchell (Aug 18)
    - Re: libresolv+ bug Casper Dik (Aug 19)
    - Re: libresolv+ bug Alan Cox (Aug 19)
    - Re: libresolv+ bug Brian Mitchell (Aug 19)
    - Re: libresolv+ bug David Holland (Aug 19)
    - Re: libresolv+ bug Alan Cox (Aug 19)
    - Re: libresolv+ bug Steve Czetty (Aug 19)
    - real time decode of tcpdump output Michael Ryan (Aug 19)
    - WU.FTPD vulnerability: gnu tar possibly others Alan Cox (Aug 19)
    - Re: WU.FTPD vulnerability: gnu tar possibly others Pedro Melo (Aug 19)
    - Re: WU.FTPD vulnerability: gnu tar possibly others Christian Limpach (Aug 19)
    - SECURITY FIX/UPDATE: anonftp Elliot Lee (Aug 19)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Igor Chudov @ home (Aug 18)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
    - CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
    - Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)
    - Tracking tools? David Miller (Aug 14)
    - Re: Tracking tools? Gene Titus (Aug 15)
    - Re: Tracking tools? neill (Aug 15)

(Thread continues...)