lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <474F46A3.7040900@shockley.net>
Date: Thu, 29 Nov 2007 18:09:23 -0500
From: Steve Shockley <steve.shockley@...ckley.net>
To: bugtraq@...urityfocus.com
Subject: Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability

Valdis.Kletnieks@...edu wrote:
>> An attacker who can convince an user to extract a specially crafted
>> archive can overwrite arbitrary files with the permissions of the user
>> running gtar.  If that user is root, the attacker can overwrite any
>> file on the system.
> 
> Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
> user into doing something" is a valid attack vector.

The difference is that I'd be surprised when I got 0wned by unpacking an 
archive, and not all that surprised when I got 0wned by running a random 
executable (script) file.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ