Bugtraq mailing list archives

Re: Pro/wuFTPD DoS

From: abelits () PHOBOS ILLTEL DENVER CO US (Alex Belits)
Date: Sun, 21 Feb 1999 23:30:38 -0800


On Sun, 21 Feb 1999, Chris Wedgwood wrote:

I think I will probably write it again, since I don't I have it saved
somewhere.  There's nothing fascinating actually. This seem to be a heap
buffer overflow, which smashes pointers to the dirnames (thus you could
probably get access to files outsite chrooted envinronment):


Could someone please clue me in on how this might be so, assuming
*ftpd correctly chroot's itself then relinquishes permissions?


  There is a claim in the description of that hole, that wu-ftpd doesn't
relinquish permissions properly, changing the uid "temporarily". I assume,
it means that saved uid is not changed at that point, however I
haven't checked in the source, if this is true.

--
Alex

----------------------------------------------------------------------
 Excellent.. now give users the option to cut your hair you hippie!
                                                  -- Anonymous Coward

Current thread:

ANNOUNCE: Net::RawIP 0.06 has been released, (continued)
- - - ANNOUNCE: Net::RawIP 0.06 has been released Sergey V. Kolychev (Feb 22)
    - Summary: Copyright on Security advisories Aviram Jenik (Feb 22)
    - Re: Process table attack (from RISKS Digest) Dug Song (Feb 22)
    - NetBus client 1.x overflow Daniel Rosowski (Feb 22)
    - Re: Process table attack (from RISKS Digest) James Lockwood (Feb 22)
    - Re: Process table attack (from RISKS Digest) Dirk Moerenhout (Feb 22)
    - Re: Process table attack (from RISKS Digest) unknown () RIVERSTYX NET (Feb 22)
    - Re: Process table attack (from RISKS Digest) Andrew Hobgood (Feb 22)
    - Denial of service process table attacks John Conover (Feb 23)
    - Group kmem exploitable? Oliver Xymoron (Feb 23)
    - Re: Pro/wuFTPD DoS Alex Belits (Feb 21)
  - ISS install.iss security hole Fyodor (Feb 20)
    - Re: ISS install.iss security hole Joel Eriksson (Feb 22)
    - Preventing remote OS detection Patrick Gilbert (Feb 22)
    - Re: Preventing remote OS detection James Lockwood (Feb 22)
    - Re: Preventing remote OS detection route () RESENTMENT INFONEXUS COM (Feb 22)
    - Re: Preventing remote OS detection Salvatore Sanfilippo (Feb 23)
    - Re: ISS install.iss security hole Peter Benie (Feb 22)
    - Re: ISS install.iss security hole Michael Warfield (Feb 22)
    - BlackHats Advisory -- InterScan VirusWall The Unicorn (Feb 22)
    - Microsoft Security Bulletin (MS99-007) aleph1 () UNDERGROUND ORG (Feb 22)