exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

netbsd.2000-006.ftpchroot

netbsd.2000-006.ftpchroot
Posted Jun 1, 2000

NetBSD Security Advisory 2000-006 - Untrusted local processes can hog cpu and kernel memory by tricking the kernel into running exclusively on their behalf, denying other processes the CPU.

tags | kernel, local
systems | netbsd
SHA-256 | cac750a58cf9b85d2630794215188083198ea320a7a11c55b56b766d530a2dea

netbsd.2000-006.ftpchroot

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----

NetBSD Security Advisory 2000-006
=================================

Topic: /etc/ftpchroot parsing broken in NetBSD-1.4.2
Version: NetBSD 1.4.2 only
Severity: medium to high if using /etc/ftpchroot, none if not.


Abstract
========

A fix which attempted to make ftpd's parsing of /etc/ftpusers more
robust was incorrect, and broke parsing of /etc/ftpchroot, allowing
users listed in /etc/ftpchroot access to files outside their home
directory.

Technical Details
=================

The chroot(2) system call, short for "change root", restricts a
process to only be able to access a subtree of the filesystem.

/etc/ftpchroot specifies users who are allowed to log in using ftp
with a password, but are chroot'ed to their home directory, preventing
them from accessing files outside their home directory via FTP. The
incorrect fix in 1.4.2 caused the chroot call to not occur, allowing
them regular, unpriviledged access to files outside their home
directory via FTP.

Solutions and Workarounds
=========================

The fix is to back out the incorrect half of the fix.

This problem affects only NetBSD-1.4.2 and versions of NetBSD-current
between 19990930 and 19991212; it does not affect NetBSD-1.4.1 or
earlier, or versions of NetBSD-current after 19991212 or before 19990930.

If you do not need to use /etc/ftpchroot, you do not need to take any
action.

If you're running NetBSD-current fetched between the above dates,
update to a newer version of NetBSD-current.

If you're runing NetBSD-1.4.2, fetch the following patch, apply it to
src/libexec/ftpd/ftpd.c using the patch(1) command, rebuild and
reinstall ftpd, and kill off any existing FTP daemons (to ensure that
any improperly granted access is revoked).

ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-ftpd

Since the patch is small, it is reproduced inline here:

*** ftpd.c 1999/10/01 12:08:06 1.61.2.1
- --- ftpd.c 2000/05/11 10:14:37 1.61.2.2
***************
*** 489,496 ****
if (glob == NULL || glob[0] == '#')
continue;
perm = strtok(NULL, " \t\n");
- - if (perm == NULL)
- - continue;
if (fnmatch(glob, name, 0) == 0) {
if (perm != NULL &&
((strcasecmp(perm, "allow") == 0) ||
- --- 489,494 ----

Thanks To
=========

Paul J. Lavoie <pjl@ilx.com> for reporting the problem
Luke Mewburn <lukem@netbsd.org> for verifying the fix.


Revision History
================

20000527 original draft of advisory


More Information
================

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.


Copyright 200X, The NetBSD Foundation, Inc. All Rights Reserved.

$NetBSD: NetBSD-SA2000-006.txt,v 1.1 2000/05/28 04:15:23 sommerfeld Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOTG4MT5Ru2/4N2IFAQFMPgP+O4apS+65HzYRT/OlY9PeqfBxaMjjfHjc
Yg/C8l/cGAmluzWHTiy6TX0GFm14qgvcf/2lom9OSHvfpWYWK8QT0ZbMODbLjb3S
hrwaN63SeX3PRJ7QrhGbWPAyavuO3lvyt8v+G7CIIponaIK/XzOCyhT3eaLtn1BE
uD3itgQRtIU=
=245w
-----END PGP SIGNATURE-----

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close