[15720] in bugtraq
NetBSD Security Advisory 2000-009
daemon@ATHENA.MIT.EDU (security-officer@NETBSD.ORG)
Mon Jul 10 16:08:07 2000
Message-Id: <20000710161641.182C32A43@orchard.arlington.ma.us>
Date: Mon, 10 Jul 2000 12:16:35 -0400
Reply-To: security-officer@netbsd.org
From: security-officer@NETBSD.ORG
X-To: netbsd-announce@netbsd.org
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
NetBSD Security Advisory 2000-009
=================================
Topic: ftpd setproctitle vulnerability.
Version: All releases before 2000/07/08
Severity: High: Potential remote root access.
Abstract
========
An improper use of the setproctitle() library function by ftpd may
allow a malicious remote ftp client to subvert an FTP server,
including possibly getting remote access to a system.
Technical Details
=================
The BSD setproctitle() function, like printf(), accepts a format
string and a variable number of arguments; the format string is
interpreted to determine how to display the other arguments to the
function.
If the format string can contain arbitrary user-supplied data, it may
be possible to trick the program into reading or writing arbitrary
memory locations, resulting in a security compromise.
A more extensive audit of the NetBSD sources for problems of this form
is under way.
Solutions and Workarounds
=========================
This problem affects all versions of NetBSD. Patches are available
for the NetBSD-1.4 series of releases.
If you're runing NetBSD 1.4, 1.4.1, or 1.4.2, fetch the following
patch, apply it to src/libexec/ftpd/ftpd.c using the patch(1) command,
rebuild and reinstall ftpd, and kill off any existing FTP daemons (to
ensure that any improperly granted access is revoked).
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000708-ftpd
If you're running a version of NetBSD-current or the NetBSD 1.5 branch
from before 2000/07/05, you should update to a newer version of
NetBSD-current. Similarly, if you're running a version of
NetBSD-release (NetBSD 1.4 branch) from before 2000/07/08, you should
update to a newer version of NetBSD-release.
Thanks To
=========
Jun-ichiro Hagino <itojun@netbsd.org>
Revision History
================
20000708 Initial version.
More Information
================
Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.
Copyright 2000, The NetBSD Foundation, Inc. All Rights Reserved.
$NetBSD: NetBSD-SA2000-009.txt,v 1.1 2000/07/08 21:03:11 sommerfeld Exp $
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv
iQCVAwUBOWnDfD5Ru2/4N2IFAQE7ZAP8CH2tz0srgbkJ05PEtc83EUG5FvMetSBC
OG45edFGtMRfpRkJWL30DoqCmvIzxRWa0sVgFfc/78gS1eW6R0SdunSDM3sQ39Vp
thpsj/+hqUnuwFpm+fdiIFsLQjsgaqZpceaWSogJxGLj6SCepNouED2XeI46PABR
pGowBD6r0gk=
=OXnj
-----END PGP SIGNATURE-----
