FTPFS mount Buffer Overflow Vulnerability
BID:2498
Info
| Bugtraq ID: | 2498 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 13 2001 12:00AM |
| Updated: | Mar 13 2001 12:00AM |
| Credit: | Reported to bugtraq by "Frank DENIS (Jedi/Sector One)" <[email protected]> on Tue, 13 Mar 2001. |
| Vulnerable: | FTPFS FTPFS 0.2.2 k2.4; FTPFS FTPFS 0.2.1 k2.4; FTPFS FTPFS 0.1.1 k2.4; FTPFS FTPFS 0.1.1 k2.2 |
| Not Vulnerable: | |
Discussion
FTPFS is a Linux kernel module allowing users to mount remote files from any standard FTP server as a local filesystem.
A version of FTPFS is vulnerable to a buffer overflow leading to a denial of service, and potentially execution of arbitrary code. This overflow can be exploited by any local user with access to the mount command on a system with FTPFS installed.
Exploit / POC
mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx...
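The command above passes an over-long `user=` value in the mount option string. As an added example (not FTPFS source code, and not from the original advisory), the following C sketch parses the same `key=value,key=value` option format and rejects any value that does not fit its destination field instead of copying it unchecked. The structure `ftp_opts`, the function names and the field size `OPT_MAX` are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#define OPT_MAX 32   /* assumed field size; the advisory does not state FTPFS's real one */

struct ftp_opts {    /* hypothetical structure, not FTPFS's own */
    char ip[OPT_MAX];
    char user[OPT_MAX];
};

/* Copy an option value of length n into a fixed-size field, refusing oversize input. */
static int set_field(char *dst, size_t dstsz, const char *val, size_t n)
{
    if (n >= dstsz)
        return -ENAMETOOLONG;    /* reject rather than overflow or silently truncate */
    memcpy(dst, val, n);
    dst[n] = '\0';
    return 0;
}

/* Parse "key=value,key=value" mount data. Returns 0 or a negative errno value. */
int parse_mount_opts(const char *data, struct ftp_opts *o)
{
    memset(o, 0, sizeof(*o));
    while (*data) {
        size_t len = strcspn(data, ",");           /* length of this key=value token */
        const char *eq = memchr(data, '=', len);   /* '=' must lie inside the token */
        size_t klen, vlen;
        int rc;

        if (!eq)
            return -EINVAL;
        klen = (size_t)(eq - data);
        vlen = len - klen - 1;
        if (klen == 2 && !memcmp(data, "ip", 2))
            rc = set_field(o->ip, sizeof(o->ip), eq + 1, vlen);
        else if (klen == 4 && !memcmp(data, "user", 4))
            rc = set_field(o->user, sizeof(o->user), eq + 1, vlen);
        else
            rc = -EINVAL;                          /* unknown option name */
        if (rc)
            return rc;
        data += len;
        if (*data == ',')
            data++;                                /* step over the separator */
    }
    return 0;
}
```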
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].