First Last Prev Next    This bug is not in your last search results.
Bug 35978 - gssftp can be segfaulted remotely, possibly exploitable
gssftp can be segfaulted remotely, possibly exploitable
Status: CLOSED ERRATA
Product: Red Hat Linux
Classification: Retired
Component: krb5 (Show other bugs)
7.0
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
: Security
: 37731 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-04-15 15:57 EDT by Mario Lorenz
Modified: 2007-03-26 23:43 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-05-15 11:49:19 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Mario Lorenz 2001-04-15 15:57:58 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [de] (X11; U; Linux 2.2.19 i686)


kerberos-workstation includes kerberized ftp, gssftpd, which is not wu-ftpd
but the
BSD ftp. This FTP is possibly vulnerable to the GLOB attacks as described
in CERT
/Covert Labs Advisory recently. Also, plain "ls ~" gives you the FTP home
path, which
is considered bad (albeit highly predictable anyway on linux boxen)

Reproducible: Always
Steps to Reproduce:
1. Enable gssftp with chckconfig to allow kerberized FTP connections
2. Login to the ftp server using anonymous FTP
3. Type "cd ~*"
	

Actual Results:  421 service not available.
gdb attached to ftpd shows it segfaulted.


Expected Results:  Nothing

I am not 100% sure if this is exploitable, I didnt dig in that deep. Covert
Labs quote
exploitability under certain circumstances. Nevertheless, a remotely
induced segfault
is pretty bad.
Fortunately, the krb gssftp is probably not used widely.
Comment 1 Nalin Dahyabhai 2001-04-26 15:54:24 EDT 
*** Bug 37731 has been marked as a duplicate of this bug. ***
Comment 2 Mario Lorenz 2001-05-15 11:33:00 EDT 
Folks, you have had this for a whole month now.

A week after my initial report here, this came up on BugTraq and was labeled
REMOTE EXPLOITABLE. A fix was provided in the Bugtraq posting.

Since #37731 you knew the BugTraq post (and thats been 3 weeks ago as well)

It is therefore reasonable to state what seems obvious, and set the bug to
WONTFIX.
Comment 3 Matt Wilson 2001-05-15 11:44:51 EDT 
*sigh*
Comment 4 Nalin Dahyabhai 2001-06-27 01:31:03 EDT 
krb5-1.2.2-5 has been released as an errata.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.