ncftp 2.4.2 MkDirs bug

From: Michal Zalewski (lcamtufat_private)
Date: Thu Mar 19 1998 - 09:49:46 PST

Next message: Christian Holmqvist: "Re: MSIE buffer overrun"

Previous message: Bill Becker: "Re: BSD/OS 3.0 config_anonftp script"
Next in thread: Theo Van Dinter: "Re: ncftp 2.4.2 MkDirs bug"
Reply: Theo Van Dinter: "Re: ncftp 2.4.2 MkDirs bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Bug:

ncftp 2.4.2 has ability to automatic download of whole directories (get
-R). Unfortunately, when downloaded, directories are created using
system() call. So if somewhere, deeply into downloaded directory
structure, lies directory called eg. "`touch GOTCHA`", given code will be
executed without knowledge nor permission of victim.

Fix:

replace system() call in Util.h with mkdir().

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtufat_private]
Iterowac jest rzecza ludzka, wykonywac rekursywnie - boska [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=

Next message: Christian Holmqvist: "Re: MSIE buffer overrun"
Previous message: Bill Becker: "Re: BSD/OS 3.0 config_anonftp script"
Next in thread: Theo Van Dinter: "Re: ncftp 2.4.2 MkDirs bug"
Reply: Theo Van Dinter: "Re: ncftp 2.4.2 MkDirs bug"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:46:23 PDT