Affects: TrollFTPD 1.26 (probably earlier)
Severity: local users can gain root access.
Fix: upgrade to TrollFTPD-1.27
Fix URL: ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz

Description:
An error in the handling of recursive directory listings can result in an exploitable buffer overflow.

Exploit: (offsets are for one machine. not guaranteed to work on any others.)

Run the program,
ftp localhost
<in ftp>
(your username)
(your password)
cd /tmp
ls -R
<out of ftp>
Connect to port 10000 with nc

Be nice.

-- zen-parse

--
-------------------------------------------------------------------------
The preceding information, unless directly posted by zen-parseat_private to an open forum is confidential information and not to be distributed (without explicit permission being given by zen-parseat_private). Legal action may be taken to enforce this. If you are mum or dad, this probably doesn't apply to you.

This archive was generated by hypermail 2b30 : Sun Aug 12 2001 - 20:49:08 PDT