Vulnerability Development mailing list archives
compress(vul) + ftpd(?)
From: HypH <hyphen () go2 pl>
Date: Tue, 5 Mar 2002 14:43:06 +0100
[hyph@port ~]$ rpm -qf `which compress` ncompress-4.2.4-21 [hyph@port ~]$ compress `perl -e 'print "A" x 1100'` AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA: File name too long Segmentation fault (core dumped) [hyph@port ~]$gdb compress core [...] #0 0x41414141 in ?? () (gdb) i r eax 0x461 1121 ecx 0x1 1 edx 0x40158be0 1075153888 ebx 0x41414141 1094795585 esp 0xbffff368 0xbffff368 ebp 0x41414141 0x41414141 esi 0x41414141 1094795585 edi 0x41414141 1094795585 eip 0x41414141 0x41414141 <--- :-)) [...] [hyph@port ~]$ cat /etc/redhat-release Red Hat Linux release 7.1 (Seawolf) [hyph@port ~]$ ls -l `which compress` -rwxr-xr-x 2 root root 16156 gru 12 2000 /usr/bin/compress Compress isn`t suid so it gives us no benefit. And here`s my question: Is there any way to force the ftpd to 'compress' a file before sending it, from the client`s side. I`m asking for this particular daemon because of this: [hyph@port ~]$ ls -l /var/ftp/bin/ razem 400k -r-------- 1 root root 313 sie 2 2001 bin.md5 -rwxr-xr-x 2 root root 16k gru 12 2000 compress <-- :-)) -rw------- 1 root root 848k mar 3 10:07 core -rwxr-xr-x 2 root root 48k sie 8 2000 cpio -rwxr-xr-x 4 root root 49k lut 8 2001 gzip -rwxrwx--x 2 root root 45k mar 14 2001 ls -rwxr-xr-x 2 root root 147k mar 6 2001 tar The benefits would be obvious. Sorry if it`s a known bug/vulnerability (but I`ve never heared `bout it before) -- ::::::::::::::::::::::::::: Linux isn`t unfriendly he`s only picky in choosing his friends. :::::::::::::::::::::::::::
Current thread:
- compress(vul) + ftpd(?) HypH (Mar 05)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 07)
- Message not available
- Re: compress(vul) + ftpd(?) HypH (Mar 07)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 07)
- Re: compress(vul) + ftpd(?) HypH (Mar 09)
- Re: compress(vul) + ftpd(?) KF (Mar 09)
- Re: compress(vul) + ftpd(?) HypH (Mar 09)
- Re: compress(vul) + ftpd(?) HypH (Mar 07)
- Re: compress(vul) + ftpd(?) Pavel Kankovsky (Mar 09)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 10)
- Re: compress(vul) + ftpd(?) Pavel Kankovsky (Mar 11)
- Re: compress(vul) + ftpd(?) H D Moore (Mar 12)