Bugtraq mailing list archives
ncftp 2.4.2 MkDirs bug
From: lcamtuf () BOSS STASZIC WAW PL (Michal Zalewski)
Date: Thu, 19 Mar 1998 18:49:46 +0100
Bug: ncftp 2.4.2 has the ability to automatically download whole directories (get -R). Unfortunately, when downloaded, directories are created using a system() call. So if somewhere deep in the downloaded directory structure lies a directory called e.g. "`touch GOTCHA`", the given code will be executed without the knowledge or permission of the victim.

Fix: replace the system() call in Util.h with mkdir().

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf () boss staszic waw pl]
To iterate is human, to recurse divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
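The flaw and the fix described in the post above, as an added example that is not part of the original message and is not ncftp's source. The function names and the "mkdir -p" command string are assumptions, since the post does not quote the code; the directory name is the one from the post.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Reconstructed pattern (hypothetical, not ncftp's source): the remote
 * directory name is pasted into a shell command line. Handed to system(),
 * backticks, $(...) and ';' in the name are interpreted by /bin/sh. */
int build_shell_mkdir(char *out, size_t n, const char *path)
{
    return snprintf(out, n, "mkdir -p %s", path);
}

/* Returns 0 if path is an existing directory, -1 otherwise. */
static int is_dir(const char *path)
{
    struct stat st;
    return (stat(path, &st) == 0 && S_ISDIR(st.st_mode)) ? 0 : -1;
}

/* The fix the post asks for: create every component with mkdir(2).
 * The name reaches the kernel as plain bytes; no shell ever parses it. */
int mkdirs_safe(const char *path, mode_t mode)
{
    char buf[1024];
    size_t len = strlen(path);

    if (len == 0 || len >= sizeof buf) {
        errno = len ? ENAMETOOLONG : EINVAL;
        return -1;
    }
    memcpy(buf, path, len + 1);
    for (char *p = buf + 1; ; p++) {
        if (*p != '/' && *p != '\0')
            continue;               /* still inside a path component */
        char saved = *p;
        *p = '\0';                  /* cut the path at this component */
        if (mkdir(buf, mode) != 0 && (errno != EEXIST || is_dir(buf) != 0))
            return -1;
        if (saved == '\0')
            return 0;               /* last component created */
        *p = saved;
    }
}
```

With mkdirs_safe() the backtick name ends up as an ordinary directory on disk, while the string built by build_shell_mkdir() shows what a shell would have been asked to evaluate.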