[3217] in bugtraq
Re: WU.FTPD vulnerability: gnu tar possibly others
daemon@ATHENA.MIT.EDU (Pedro Melo)
Tue Aug 20 01:44:20 1996
Date: Mon, 19 Aug 1996 18:53:58 GMT
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: Pedro Melo <melo@co.telenet.pt>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
In-Reply-To: <199608191309.OAA18348@cableol.net>
On Mon, 19 Aug 1996 14:09:19 +0100, you wrote:
>quote site exec tar -c -v --rsh-command=commandtorunasftp -f somebox:foo foo
>
>Gnu tar allows you to specify which binary you wish to run.
>
>Fix:
> Use a dumber tar. Also carefully evaluate any other binaries
>you have to avoid unpleasant and similar surprises.
Better Fix:
Disable site exec. You can give the tar benefits without site exec. See
ftpconversions, if I'm not mistaken...
Melo
--
************** Pedro Melo (melo@co.telenet.pt) BOFH ******************
* TELENET, Servicos de Telecomunicacoes, SA - Tel. +351 1 3871010 *
* finger melo@finger.co.telenet.pt or search key servers for PGP key *
************* http://www.co.telenet.pt/personal/melo/ ****************
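
Added example, not part of the original thread: one way to carry out the "evaluate any other binaries" advice is to scan the directory of programs reachable through SITE EXEC for the option string named in the post. The directory is passed as an argument because its location is site-specific (an assumption here), the function name is hypothetical, and `grep -a` assumes GNU or BSD grep.

```shell
#!/bin/sh
# Added example: flag executables in a SITE EXEC program directory that
# contain the "rsh-command" option string, i.e. builds of tar (or anything
# else) that let the caller name a helper program to run.
# Files are only read with grep; nothing in the directory is executed.

audit_exec_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=1
    for f in "$dir"/*; do
        # Only regular files with an execute bit are callable via SITE EXEC.
        [ -f "$f" ] && [ -x "$f" ] || continue
        # -a: read binaries as text; -F: fixed string; -q: quiet
        if grep -a -q -F -e 'rsh-command' "$f"; then
            echo "$f"
            found=0
        fi
    done
    # Exit status follows grep: 0 = something flagged, 1 = nothing, 2 = error
    return $found
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ $# -gt 0 ]; then
    audit_exec_dir "$1"
fi
```

A clean result only says this one option string is absent; each remaining binary still needs the manual review the post asks for.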