Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Ncftpd < 2.6.2 allow users to change chrooted diretory
From: Thiago Madeira de Lima <jungle () STI COM BR>
Date: Tue, 25 Jul 2000 14:53:37 -0300
        Found this bug 2 weeks ago and reported to the author. Now there's a new
version that solves the problem. Everyone using ncftpd < 2.6.2 should
upgrade to ncftpd 2.6.2.

        This bug only works if you use the same UID or GID for more than 1 user.

        Restricted users could access directory paths that were prefixed by the
entire pathname of the home directory and if the user's UID/GID privileges
allowed it.

        For example, a user bill with home directory /home/users/bill may have been
able to access the directory /home/users/billybob if bill's privileges
allowed it.

Thiago Madeira Lima

  By Date           By Thread  

Current thread:
  • Re: Nokia WAP server. Security Team (Jul 24)
    • Ncftpd < 2.6.2 allow users to change chrooted diretory Thiago Madeira de Lima (Jul 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]