Re: Q: Impact of globbing vulnerability in ftpd

From: Andrew Barros (abarros@tjhsst.edu)
Date: 04/23/01


Date: Mon, 23 Apr 2001 00:28:36 -0400
From: Andrew Barros <abarros@tjhsst.edu>
To: Victor Sudakov <sudakov@sibptus.tomsk.ru>


The problem lies in that when you tell ftpd to get * it has to make a list
of all those files. Now, for a really complex pattern like
*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/..

ftpd will take a long time to build the list. That's the globbing vulnerability.

        -ajb
On Mon, Apr 23, 2001 at 11:16:32AM +0800, Victor Sudakov wrote:
->Colleagues:
->
->I do not quite understand the impact of the globbing vulnerability.
->
->As far as I understand, it can be exploited only after a user has
->logged in, so ftpd is already chrooted and running with the uid of
->the user at the moment. What serious trouble can an attacker
->cause under these conditions?
->
->Thank you for any input.
->
->--
->Victor Sudakov, VAS4-RIPE, VAS47-RIPN
->2:5005/149@fidonet http://vas.tomsk.ru/
->
->To Unsubscribe: send mail to majordomo@FreeBSD.org
->with "unsubscribe freebsd-security" in the body of the message
---end quoted text---

-- 
Andrew Barros <abarros@tjhsst.edu>
PGP Key Fingerprint:
D3B8 0800 C45A 143E 5CF0  E112 0A1B AB36 B655 1FB8
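
The cost described in the message above can be measured and capped. The following is an added example, not part of the original message and not ftpd's own code: a simplified glob expander that charges a work budget for every directory entry it reads and refuses the request once the budget is spent. The names `bounded_glob` and `make_sample_tree`, the `/tmp/bounded_glob_demo` path and the budget values are assumptions made for illustration.

```c
#include <dirent.h>
#include <errno.h>
#include <fnmatch.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Expand `pattern` below `dir`, charging one unit of *budget per directory entry
 * read (literal parts like ".." are scanned too). Returns matches, or -1 when spent. */
long bounded_glob(const char *dir, const char *pattern, long *budget)
{
    char seg[256], path[4096];
    const char *slash = strchr(pattern, '/');
    size_t len = slash ? (size_t)(slash - pattern) : strlen(pattern);
    if (len >= sizeof seg) return 0;            /* over-long component: no match */
    memcpy(seg, pattern, len);
    seg[len] = '\0';
    DIR *d = opendir(dir);
    if (d == NULL) return 0;                    /* unreadable or not a directory */
    long total = 0;
    for (struct dirent *e; total >= 0 && (e = readdir(d)) != NULL; ) {
        if (--*budget < 0) { total = -1; break; }            /* work cap reached */
        if (fnmatch(seg, e->d_name, FNM_PERIOD) != 0) continue;
        if (slash == NULL) { total++; continue; }            /* last component */
        if (snprintf(path, sizeof path, "%s/%s", dir, e->d_name) >= (int)sizeof path) continue;
        long n = bounded_glob(path, slash + 1, budget);      /* rest of pattern */
        total = (n < 0) ? -1 : total + n;
    }
    closedir(d);
    return total;
}

/* Constructed sample tree: `root` holding `width` empty subdirectories d0, d1, ... */
int make_sample_tree(const char *root, int width)
{
    char path[4096];
    if (mkdir(root, 0700) != 0 && errno != EEXIST) return -1;
    for (int i = 0; i < width; i++) {
        if (snprintf(path, sizeof path, "%s/d%d", root, i) >= (int)sizeof path) return -1;
        if (mkdir(path, 0700) != 0 && errno != EEXIST) return -1;
    }
    return 0;
}

int main(void)
{
    long budget = 100000;                       /* assumed per-request work cap */
    if (make_sample_tree("/tmp/bounded_glob_demo", 4) != 0) return 1;
    printf("%ld\n", bounded_glob("/tmp/bounded_glob_demo", "*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/..", &budget));  /* -1 means over budget */
}
```

With only four subdirectories, each additional `*/..` pair multiplies the number of directory reads by roughly four, so the pattern quoted in the message exhausts the budget long before a full match list could be built.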
