Bugtraq mailing list archives

Re: WU.FTPD vulnerability: gnu tar possibly others


From: Christian.Limpach () NICE CH (Christian Limpach)
Date: Tue, 20 Aug 1996 00:18:01 +0200


quote site exec tar  -c -v --rsh-command=commandtorunasftp -f somebox:foo foo

since _PATH_EXECPATH defaults to /bin/ftp-exec and at least I don't
install tar therein, you can't site exec tar.  I have the commands
used by ftp.conversions (like tar) in /bin.  Or am I missing
something?

Fix:
        Use a dumber tar. Also carefully evaluate any other binaries
you have to avoid unpleasant and similar surprises.

or have no binaries in the _PATH_EXECPATH.

    christian

--
Christian Limpach, CS-Student @ ETH Zurich, Switzerland.
http://nice.ethz.ch/~chris  ---  System-Administration VIS/NiCE
member of the managing board of VIS (http://www.vis.inf.ethz.ch/)
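
An added example, not part of the original post: a small audit of the directory a given ftpd build uses as _PATH_EXECPATH, following the advice above to keep it empty and to look hard at anything that is in it. The function name `audit_execpath` and the directory argument are assumptions of this sketch, and the search for the string `rsh-command` inside a file is only a heuristic for "this tar can hand off to a helper command".

```shell
#!/bin/sh
# Audit a SITE EXEC directory (the post names /bin/ftp-exec as the default
# _PATH_EXECPATH; pass the real on-disk path of that directory as $1).
#
# Prints one line per executable found and returns:
#   0  directory is missing or holds no executables (the state the post recommends)
#   1  at least one executable is reachable through SITE EXEC

audit_execpath() {
    dir=$1

    if [ ! -d "$dir" ]; then
        echo "OK: $dir does not exist"
        return 0
    fi

    # -L follows symlinks, so a link to /bin/tar is judged as the real file.
    # The mode bits are tested directly instead of using `test -x`, so the
    # result does not depend on who runs the audit.
    found=$(find -L "$dir" -maxdepth 1 -type f \
                \( -perm -100 -o -perm -010 -o -perm -001 \) | sort)

    if [ -z "$found" ]; then
        echo "OK: no executables in $dir"
        return 0
    fi

    printf '%s\n' "$found" | while IFS= read -r f; do
        # Heuristic: a tar carrying the rsh-command option name can be told
        # to run another program, which is the case discussed in this thread.
        if grep -q -e 'rsh-command' "$f" 2>/dev/null; then
            echo "HIGH: $f supports --rsh-command"
        else
            echo "REVIEW: $f is executable via SITE EXEC"
        fi
    done
    return 1
}

# Stand-alone use: sh audit.sh /path/to/ftp-exec
if [ "$#" -gt 0 ]; then
    audit_execpath "$1"
fi
```
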


