dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


NetBSD Security Advisory: ftpd setproctitle vulnerability

Jul 10, 2000, 22:39 (0 Talkback[s])

WEBINAR:
On-Demand

Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers


Date: Mon, 10 Jul 2000 12:16:35 -0400
From: security-officer@netbsd.org
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: NetBSD Security Advisory 2000-009

-----BEGIN PGP SIGNED MESSAGE-----

                 NetBSD Security Advisory 2000-009
                 =================================

Topic:          ftpd setproctitle vulnerability.
Version:        All releases before 2000/07/08
Severity:       High: Potential remote root access.

Abstract
========

An improper use of the setproctitle() library function by ftpd may
allow a malicious remote ftp client to subvert an FTP server,
including possibly getting remote access to a system.

Technical Details
=================

The BSD setproctitle() function, like printf(), accepts a format
string and a variable number of arguments; the format string is
interpreted to determine how to display the other arguments to the
function.

If the format string can contain arbitrary user-supplied data, it may
be possible to trick the program into reading or writing arbitrary
memory locations, resulting in a security compromise.

A more extensive audit of the NetBSD sources for problems of this form
is under way.

Solutions and Workarounds
=========================

This problem affects all versions of NetBSD.  Patches are available
for the NetBSD-1.4 series of releases.

If you're runing NetBSD 1.4, 1.4.1, or 1.4.2, fetch the following
patch, apply it to src/libexec/ftpd/ftpd.c using the patch(1) command,
rebuild and reinstall ftpd, and kill off any existing FTP daemons (to
ensure that any improperly granted access is revoked).

    ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000708-ftpd

If you're running a version of NetBSD-current or the NetBSD 1.5 branch
from before 2000/07/05, you should update to a newer version of
NetBSD-current.  Similarly, if you're running a version of
NetBSD-release (NetBSD 1.4 branch) from before 2000/07/08, you should
update to a newer version of NetBSD-release.

Thanks To
=========

Jun-ichiro Hagino 

Revision History
================

        20000708        Initial version.

More Information
================

Information about NetBSD and NetBSD security can be found at
http://www.NetBSD.ORG/ and http://www.NetBSD.ORG/Security/.

Copyright 2000, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2000-009.txt,v 1.1 2000/07/08 21:03:11 sommerfeld Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOWnDfD5Ru2/4N2IFAQE7ZAP8CH2tz0srgbkJ05PEtc83EUG5FvMetSBC
OG45edFGtMRfpRkJWL30DoqCmvIzxRWa0sVgFfc/78gS1eW6R0SdunSDM3sQ39Vp
thpsj/+hqUnuwFpm+fdiIFsLQjsgaqZpceaWSogJxGLj6SCepNouED2XeI46PABR
pGowBD6r0gk=
=OXnj
-----END PGP SIGNATURE-----