[6354] in bugtraq


ncftp 2.4.2 MkDirs bug

daemon@ATHENA.MIT.EDU (Michal Zalewski)
Fri Mar 20 12:56:20 1998

Date: 	Thu, 19 Mar 1998 18:49:46 +0100
Reply-To: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
From: Michal Zalewski <lcamtuf@BOSS.STASZIC.WAW.PL>
To: BUGTRAQ@NETSPACE.ORG

Bug:

ncftp 2.4.2 has the ability to automatically download whole directories
(get -R). Unfortunately, when downloaded, directories are created using
a system() call. So if somewhere deep in the downloaded directory
structure lies a directory called e.g. "`touch GOTCHA`", the given code will
be executed without the knowledge or permission of the victim.

Fix:

Replace the system() call in Util.h with mkdir().

_______________________________________________________________________
Michal Zalewski [tel 9690] | finger 4 PGP [lcamtuf@boss.staszic.waw.pl]
To iterate is human, to recurse - divine [P. Deutsch]
=--------------- [ echo "\$0&\$0">_;chmod +x _;./_ ] -----------------=
