[UNIX] Vulnerability Found in Frox Transparent FTP Proxy
From: support@securiteam.comDate: 01/14/02
- Previous message: support@securiteam.com: "[NT] More Reading of Local Files Vulnerabilities in MSIE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 14 Jan 2002 14:27:43 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Vulnerability Found in Frox Transparent FTP Proxy
------------------------------------------------------------------------
SUMMARY
<http://frox.sourceforge.net/> Frox is a transparent FTP proxy
application. A security vulnerability in the product allows remote
attackers to gain privileged access (access rights equal to that of the
Frox's running user) by overflowing an internal buffer.
DETAILS
Vulnerable systems:
Frox versions 0.6.0 through 0.6.6
Immune systems:
Frox versions 0.6.7
There is an error in calculating the necessary size for a buffer into
which cache file header information is written when Frox is caching FTP
retrievals. This buffer is written into with sprintf, and may overflow if
a hostile FTP server returns a long string in reply to an MDTM request
when retrieving a file with a long pathname. This could allow arbitrary
code to be executed as the user under which Frox is running (normally not
root).
Solution:
Upgrade to the latest version of Frox.
ADDITIONAL INFORMATION
The information has been provided by <mailto:frox@hollo.org> James
Hollingshead.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] More Reading of Local Files Vulnerabilities in MSIE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- RE: FTP security question...
... valid login to be able to overflow the buffer and thus exploit the ... vulnerability.
... Subject: FTP security question... ... (Security-Basics) - Re: Secure C library
... I read much of the new "security TR", and gee, I don't know. ... the buffer
from the buffer size. ... It is not hard to design a better form of buffer and string handling.
... but this is just one example of how thoughtful interface design can ... (comp.std.c) - Re: Programming skills for Pen Testers
... each language has its own subset of security ... To elaborate further on the
subject, figure that knowing about buffer ... programming does not inevitably take
part of a pen-test. ... Download FREE Whitepaper "Role of Network Behavior Analysis and
Response ... (Pen-Test) - [NT] Trend Micro ServerProtect Multiple Buffer Overflow Vulnerabilities
... Get your security news from a reliable source. ... Trend Micro ServerProtect
Multiple Buffer Overflow Vulnerabilities ... The Trend ServerProtect service handles
RPC requests on TCP ... (Securiteam) - [Full-disclosure] [NETRAGARD-20061109 SECURITY ADVISORY] [HP Tru64 libpthread buffer overflo
... The pthread library (libpthread) provides interfaces for developing ... crafted
buffer and inserting it into the PTHREAD_CONFIG variable. ... managed security services
which enable its clients to take a proactive ... provided in this advisory. ...
(Full-Disclosure)
