Bugtraq mailing list archives
Re: WU.FTPD vulnerability: gnu tar possibly others
From: melo () co telenet pt (Pedro Melo)
Date: Mon, 19 Aug 1996 18:53:58 GMT
On Mon, 19 Aug 1996 14:09:19 +0100, you wrote:
quote site exec tar -c -v --rsh-command=commandtorunasftp -f somebox:foo foo Gnu tar allows you to specify which binary you wish to run. Fix: Use a dumber tar. Also carefully evaluate any other binaries you have to avoid unpleasant and similar suprises.
Better Fix: Disable site exec. You can give the tar benefits without site exec. See ftpconversions, if I'm not mistaken... Melo -- ************** Pedro Melo (melo () co telenet pt) BOFH ****************** * TELENET, Servicos de Telecomunicacoes, SA - Tel. +351 1 3871010 * * finger melo () finger co telenet pt or search key servers for PGP key * ************* http://www.co.telenet.pt/personal/melo/ ****************
Current thread:
- Re: libresolv+ bug, (continued)
- Re: libresolv+ bug Nelson Murilo (Aug 18)
- Re: libresolv+ bug Brian Mitchell (Aug 18)
- Re: libresolv+ bug Casper Dik (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Brian Mitchell (Aug 19)
- Re: libresolv+ bug David Holland (Aug 19)
- Re: libresolv+ bug Alan Cox (Aug 19)
- Re: libresolv+ bug Steve Czetty (Aug 19)
- real time decode of tcpdump output Michael Ryan (Aug 19)
- WU.FTPD vulnerability: gnu tar possibly others Alan Cox (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Pedro Melo (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Christian Limpach (Aug 19)
- SECURITY FIX/UPDATE: anonftp Elliot Lee (Aug 19)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Igor Chudov @ home (Aug 18)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
- CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)
- Tracking tools? David Miller (Aug 14)
- Re: Tracking tools? Gene Titus (Aug 15)
- Re: Tracking tools? neill (Aug 15)