what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

iglooftp.txt

iglooftp.txt
Posted Dec 30, 2004
Authored by Manigandan Radhakrishnan

A weakness when uploading directories recursively can potentially be exploited by malicious, local users to substitute the uploaded files in IglooFTP version 0.6.1.

tags | advisory, local
SHA-256 | f9196ada991d3ff2e19aff394388176d2abd752aa76bdc0a2dfb9da562f0fa39

iglooftp.txt

Change Mirror Download
From djb@cr.yp.to Wed Dec 15 14:23:31 2004
Date: 15 Dec 2004 08:34:01 -0000
From: D. J. Bernstein <djb@cr.yp.to>
To: securesoftware@list.cr.yp.to, bug@iglooftp.com
Subject: [local] [control] IglooFTP 0.6.1 uses fopen in /tmp

Manigandan Radhakrishnan, a student in my Fall 2004 UNIX Security Holes
course, has discovered a locally exploitable security hole in IglooFTP,
at least version 0.6.1 (the current version in FreeBSD ports). I'm
publishing this notice, but all the discovery credits should be assigned
to Radhakrishnan.

You are at risk if you use IglooFtp to recursively upload a directory.
Any user with an account on the same machine can, with enough effort,
substitute his own files for the files you are uploading.

Here's the bug: IglooFtp uses fopen(...,"w") on a filename returned by
tmpnam(). There is no O_EXCL protection on the open; fopen() will
happily write to an attacker-owned file, so the attacker can change the
file contents later. Some operating systems try to make the filename
hard to guess---FreeBSD, for example, uses cryptographic random numbers
to generate one of 57 billion possible filenames---but this level of
randomness is not sufficient to stop a persistent attacker.

---D. J. Bernstein, Associate Professor, Department of Mathematics,
Statistics, and Computer Science, University of Illinois at Chicago
Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close