Date: Tue, 13 Mar 2001 15:24:14 +0100
From: "Frank DENIS (Jedi/Sector One)" <[email protected]>
To: [email protected]Subject: Buffer oveflow in FTPFS (linux kernel module)
FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module,
enhancing VFS with FTP volume mounting capabilities.
However, it has insufficient bounds checking. If a user can enter mount
options through a wrapper, he can take over the whole system, even with
restricted capabilities.
Here's a simple exploit :
mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...
The previous command produces an immediate reboot (tested with kernel 2.4.2
and FTPFS 0.1.1) .
The author is aware of that vulnerability.
Best regards,
--
-=- Frank DENIS aka Jedi/Sector One < [email protected] > -=-
LINAGORA SA (Paris, France) : http://www.linagora.com
