Bugtraq mailing list archives
Re: WU.FTPD vulnerability: gnu tar possibly others
From: Christian.Limpach () NICE CH (Christian Limpach)
Date: Tue, 20 Aug 1996 00:18:01 +0200
> quote site exec tar -c -v --rsh-command=commandtorunasftp -f somebox:foo foo
since _PATH_EXECPATH defaults to /bin/ftp-exec and at least I don't install tar therein, you can't site exec tar. I have the commands used by ftp.conversions (like tar) in /bin. Or am I missing something?
> Fix: Use a dumber tar. Also carefully evaluate any other binaries you have to avoid unpleasant and similar surprises.
or have no binaries in the _PATH_EXECPATH.

christian
--
Christian Limpach, CS-Student @ ETH Zurich, Switzerland.
http://nice.ethz.ch/~chris
---
System-Administration VIS/NiCE
member of the managing board of VIS (http://www.vis.inf.ethz.ch/)
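
An added example, not part of the original post or of wu-ftpd: a POSIX shell audit for the mitigation discussed in this message. It lists every executable in the SITE EXEC directory and flags any file containing the `rsh-command` option string. The function name `audit_execpath` is hypothetical; the directory is passed as an argument, with `/bin/ftp-exec` being the default the post names.

```shell
#!/bin/sh
# Added example (hypothetical helper, not wu-ftpd code).
# Usage: audit_execpath /bin/ftp-exec
# Audits the directory wu-ftpd searches for SITE EXEC commands
# (_PATH_EXECPATH). Prints one line per finding.
# Returns 0 when nothing is executable there, 1 otherwise.
audit_execpath() {
    dir=$1
    findings=0

    if [ ! -d "$dir" ]; then
        echo "OK: $dir does not exist, SITE EXEC has nothing to run"
        return 0
    fi

    # Include dotfiles; an unmatched pattern stays literal and is skipped below.
    for f in "$dir"/* "$dir"/.[!.]*; do
        # -f and -x follow symlinks, so a link to /bin/tar is still caught.
        [ -f "$f" ] || continue
        [ -x "$f" ] || continue
        findings=$((findings + 1))

        # Search the file for the option string instead of executing it.
        if LC_ALL=C grep -a -q 'rsh-command' "$f"; then
            echo "HIGH: $f is executable and contains the string rsh-command"
        else
            echo "REVIEW: $f is executable through SITE EXEC"
        fi
    done

    if [ "$findings" -eq 0 ]; then
        echo "OK: no executables in $dir"
        return 0
    fi
    return 1
}
```

A REVIEW line is not a clean bill of health: each listed binary still needs the evaluation the post asks for, since the string match only covers this one option.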