Buffer overflow in ftpd and locate bug

From: Sergey V. Kolychev (ksvat_private)
Date: Fri Apr 30 1999 - 01:07:20 PDT


    Hi.
    
      I had a problem with locate from findutils-4.1.24.rpm from Redhat-5.1.
    It segfaults if we have a huge directory in incoming ftp which was created
    by exploits for the ftpd realpath hole. My ftpd is patched. Those exploits,
    I think, should not frighten me, but if updatedb puts that directory into
    the locate database then locate segfaults (getline.c, line 104, according to gdb).
    I guess it can be used for running arbitrary commands if root runs locate.
    
    I had a look at the latest Redhat-6.0 findutils-4.1.31.rpm, but it is still
    based on findutils-4.1, as is findutils-4.1.24, and doesn't have any
    patches from Redhat concerning the subject, and I am sure it is still vulnerable.
    
    
       ----------------------Alchevsk Linux User Group-----------------------
          I don't call, I don't cry , I don't sorry.
          All will gone like a white appletreeses's smoke... (S.Esenin)
          http://www.ic.al.lg.ua/~ksv | e-mail: ksvat_private
          PGP key & Geekcode: finger ksvat_private
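
An added example, not part of the original post: a POSIX shell check an administrator could run over an upload tree before updatedb indexes it, reporting entries whose path length or nesting depth is abnormal. The function name and the default thresholds (1024 bytes, 32 levels) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# scan_long_paths ROOT [MAX_LEN] [MAX_DEPTH]
#   Prints one line per entry under ROOT whose full path is longer than
#   MAX_LEN bytes or nested deeper than MAX_DEPTH levels below ROOT.
#   Prints nothing when the tree is clean.
#   MAX_LEN=1024 and MAX_DEPTH=32 are assumed defaults; tune them per site.
scan_long_paths() {
    root=$1 max_len=${2:-1024} max_depth=${3:-32}
    # LC_ALL=C makes ${#p} count bytes and limits [:print:] to ASCII.
    # -xdev keeps the walk on one filesystem; "-exec ... {} +" hands the
    # names over as arguments, so odd characters in them are never parsed.
    LC_ALL=C find "$root" -xdev -exec sh -c '
        max_len=$1 max_depth=$2 root=$3; shift 3
        for p do
            rel=${p#"$root"}
            # Depth = number of "/" separators below the scan root.
            slashes=$(printf %s "$rel" | tr -cd /)
            if [ "${#p}" -gt "$max_len" ] || [ "${#slashes}" -gt "$max_depth" ]
            then
                # Show only a sanitized 80-byte prefix: the full name may be
                # enormous and may contain control characters.
                head=$(printf %s "$p" | tr -c "[:print:]" "?" | cut -c1-80)
                printf "len=%d depth=%d %s\n" "${#p}" "${#slashes}" "$head"
            fi
        done' sh "$max_len" "$max_depth" "$root" {} +
}
```

Any output is a reason to inspect or remove the reported directories before the next updatedb run.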
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:44:30 PDT