NetBSD Security Advisory 2000-009 - An improper use of the setproctitle() library function by ftpd may allow a malicious remote ftp client to subvert an FTP server, including possibly getting remote root access to a system.
e738d5814b569a7ca3be40277de7b98cd3a21bb900e8613c115bf34d5e3d85c4-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2000-009
=================================
Topic: ftpd setproctitle vulnerability.
Version: All releases before 2000/07/08
Severity: High: Potential remote root access.
Abstract
========
An improper use of the setproctitle() library function by ftpd may
allow a malicious remote ftp client to subvert an FTP server,
including possibly getting remote access to a system.
Technical Details
=================
The BSD setproctitle() function, like printf(), accepts a format
string and a variable number of arguments; the format string is
interpreted to determine how to display the other arguments to the
function.
If the format string can contain arbitrary user-supplied data, it may
be possible to trick the program into reading or writing arbitrary
memory locations, resulting in a security compromise.
A more extensive audit of the NetBSD sources for problems of this form
is under way.
Solutions and Workarounds
=========================
This problem affects all versions of NetBSD. Patches are available
for the NetBSD-1.4 series of releases.
If you're runing NetBSD 1.4, 1.4.1, or 1.4.2, fetch the following
patch, apply it to src/libexec/ftpd/ftpd.c using the patch(1) command,
rebuild and reinstall ftpd, and kill off any existing FTP daemons (to
ensure that any improperly granted access is revoked).
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000708-ftpd
If you're running a version of NetBSD-current or the NetBSD 1.5 branch
from before 2000/07/05, you should update to a newer version of
NetBSD-current. Similarly, if you're running a version of
NetBSD-release (NetBSD 1.4 branch) from before 2000/07/08, you should
update to a newer version of NetBSD-release.
Thanks To
=========
Jun-ichiro Hagino <itojun@netbsd.org>
Revision History
================
20000708 Initial version.
More Information
================
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 2000, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA2000-009.txt,v 1.1 2000/07/08 21:03:11 sommerfeld Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBOWnDfD5Ru2/4N2IFAQE7ZAP8CH2tz0srgbkJ05PEtc83EUG5FvMetSBC
OG45edFGtMRfpRkJWL30DoqCmvIzxRWa0sVgFfc/78gS1eW6R0SdunSDM3sQ39Vp
thpsj/+hqUnuwFpm+fdiIFsLQjsgaqZpceaWSogJxGLj6SCepNouED2XeI46PABR
pGowBD6r0gk=
=OXnj
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed