[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1196412260.7022.6.camel@dapcva>
Date: Fri, 30 Nov 2007 09:44:20 +0100
From: Vincent Archer <varcher@...yall.com>
To: "Valdis.Kletnieks@...edu" <Valdis.Kletnieks@...edu>
Cc: 3APA3A <3APA3A@...URITY.NNOV.RU>,
Rajesh Sethumadhavan <rajesh.sethumadhavan@...oo.com>,
"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
On Thu, 2007-11-29 at 23:19 +0100, Valdis.Kletnieks@...edu wrote:
> On Thu, 29 Nov 2007 14:46:06 +0300, 3APA3A said:
> > In order to exploit this vulnerability you need to force victim to run
> > attacker-supplied BAT file. It's like forcing user to run
> > attacker-supplied .sh script under Unix.
>
> And oddly enough, the *very next mail* from Bugtraq said:
>
> > FreeBSD-SA-07:10.gtar Security Advisory
> > The FreeBSD Project
>
> > Topic: gtar directory traversal vulnerability
> ...
> > III. Impact
>
> > An attacker who can convince an user to extract a specially crafted
> > archive can overwrite arbitrary files with the permissions of the user
> > running gtar. If that user is root, the attacker can overwrite any
> > file on the system.
>
> Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
> user into doing something" is a valid attack vector.
Considering most tar versions have specific protections to avoid this very
problem (namely, tar extracting a file outside of the directory hierarchy
where it is executed), then yes, it is a problem.
Even if you happen to think the root cause of all computing evil is what
is between the chair and the keyboard, trojans are a valid attack
vector.
--
Vincent ARCHER Email: archer@...ug.org
All men are mortal. Socrates was mortal. Therefore, all men are Socrates.
(Woody Allen)
Powered by blists - more mailing lists