FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module, enhancing VFS with FTP volume mounting capabilities. However, it has insufficient bounds checking. If a user can enter mount options through a wrapper, he can take over the whole system, even with restricted capabilities. Here's a simple exploit : mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx... The previous command produces an immediate reboot (tested with kernel 2.4.2 and FTPFS 0.1.1) . The author is aware of that vulnerability. Best regards, -- -=- Frank DENIS aka Jedi/Sector One < [EMAIL PROTECTED] > -=- LINAGORA SA (Paris, France) : http://www.linagora.com
Buffer oveflow in FTPFS (linux kernel module)
Frank DENIS (Jedi/Sector One) Wed, 14 Mar 2001 00:10:56 -0800
