NetBSD: ftpd setproctitle vulnerability - The Community's Center for Security


The central voice for Linux and Open Source security news

Welcome!

Sign up!

EnGarde Community

Polls

What is the most important Linux security technology?

	SELinux
	grsecurity
	CIS Benchmark
	Bastille Linux
	iptables
	LIDS

Advisories

Community

Linux Events

Linux User Groups

Link to Us

Security Center

Book Reviews

Security Dictionary

Security Tips

SELinux

White Papers

Featured Blogs

All About Linux

DanWalsh LiveJournal

Securitydistro

Latest Newsletters

Linux Advisory Watch: February 10th, 2012

Linux Security Week: February 6th, 2012

LinuxSecurity Newsletters

RSS Feeds

Get the LinuxSecurity news you want faster with RSS

NetBSD: ftpd setproctitle vulnerability

User Rating:

How can I rate this item?

Posted by LinuxSecurity.com Team

ftpd may allow a malicious remote ftp client to subvert an FTP server

-----BEGIN PGP SIGNED MESSAGE-----

                 NetBSD Security Advisory 2000-009
                 =================================

Topic:          ftpd setproctitle vulnerability.
Version:        All releases before 2000/07/08
Severity:       High: Potential remote root access.


Abstract
========

An improper use of the setproctitle() library function by ftpd may
allow a malicious remote ftp client to subvert an FTP server,
including possibly getting remote access to a system.


Technical Details
=================

The BSD setproctitle() function, like printf(), accepts a format
string and a variable number of arguments; the format string is
interpreted to determine how to display the other arguments to the
function.  

If the format string can contain arbitrary user-supplied data, it may
be possible to trick the program into reading or writing arbitrary
memory locations, resulting in a security compromise.

A more extensive audit of the NetBSD sources for problems of this form
is under way.


Solutions and Workarounds
=========================

This problem affects all versions of NetBSD.  Patches are available
for the NetBSD-1.4 series of releases.

If you're runing NetBSD 1.4, 1.4.1, or 1.4.2, fetch the following
patch, apply it to src/libexec/ftpd/ftpd.c using the patch(1) command,
rebuild and reinstall ftpd, and kill off any existing FTP daemons (to
ensure that any improperly granted access is revoked).

     ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000708-ftpd

If you're running a version of NetBSD-current or the NetBSD 1.5 branch
from before 2000/07/05, you should update to a newer version of
NetBSD-current.  Similarly, if you're running a version of
NetBSD-release (NetBSD 1.4 branch) from before 2000/07/08, you should
update to a newer version of NetBSD-release.

Thanks To
=========

Jun-ichiro Hagino <itojun@netbsd.org>


Revision History
================

        20000708        Initial version.


More Information
================

Information about NetBSD and NetBSD security can be found at 
http://www.NetBSD.ORG/ and  http://www.NetBSD.ORG/Security/.


Copyright 2000, The NetBSD Foundation, Inc.  All Rights Reserved.

$NetBSD: NetBSD-SA2000-009.txt,v 1.1 2000/07/08 21:03:11 sommerfeld Exp $

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQCVAwUBOWnDfD5Ru2/4N2IFAQE7ZAP8CH2tz0srgbkJ05PEtc83EUG5FvMetSBC
OG45edFGtMRfpRkJWL30DoqCmvIzxRWa0sVgFfc/78gS1eW6R0SdunSDM3sQ39Vp
thpsj/+hqUnuwFpm+fdiIFsLQjsgaqZpceaWSogJxGLj6SCepNouED2XeI46PABR
pGowBD6r0gk=
=OXnj
-----END PGP SIGNATURE-----