Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Multiple vulnerabilites in glFtpD (current versions)
From: pele () ACC UMU SE (Per Lejontand)
Date: Thu, 23 Dec 1999 22:29:57 +0100


at Thu, Dec 23, 1999 at 11:31:53AM +1100 suid wrote:

      3) SITE ZIPCHK command:

              The SITE command ZIPCHK can be used to check the validity of a ZIP file on a server.
              Presumably this is so you can make sure the ZIP file you are about to download is valid
              and free from error. The way this works is thus:

                      glFtpD user does:
                      ftp> quote SITE ZIPCHK XXXXX.ZIP
                      
                      glFtpD then runs a shell script with XXXXX.ZIP as argv[1] or 2.
                      which calls /bin/unzip etc etc.

              If a user is able to create a filename with ";" characters in the name, they can
              execute arbitrary code on the remote server with the privelege level of the server.

Easy fix should be override the command in glftpd.conf (or equivalent) with
something like:

site_cmd ZIPCHK TEXT /ftp-data/misc/disabled

Wich causes a textfile to be displayed rather then a command executed.

--

//Per
.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,.,
  Per Lejontand, Student of Computer science, Admin @ {acc,ltlab}.umu.se
  Phone: +46-70-2163191
 *** Stay away from hurricanes for a while.



  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]