NetBSD ftpchroot分析漏洞

漏洞信息详情

NetBSD ftpchroot分析漏洞

• CNNVD编号：CNNVD-200005-098
• 危害等级： 低危
  
  
• CVE编号：
  CVE-2000-0462
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  2000-05-28
  
• 威胁类型：
  
  
  本地
  
• 更新时间：
  
  2005-05-02
  
• 厂        商：
  
  netbsd
• 漏洞来源：
  First published in…

NetBSD 1.4.2版本中ftpd无法正确解析/etc/ftpchroot条目，chroot指定用户。用户利用此漏洞可以访问主目录之外的其他文件。

From the advisory:
This problem affects only NetBSD-1.4.2 and versions of NetBSD-current
between 19990930 and 19991212; it does not affect NetBSD-1.4.1 or
earlier, or versions of NetBSD-current after 19991212 or before 19990930.
If you do not need to use /etc/ftpchroot, you do not need to take any
action.
If you’re running NetBSD-current fetched between the above dates,
update to a newer version of NetBSD-current.
If you’re runing NetBSD-1.4.2, fetch the following patch, apply it to
src/libexec/ftpd/ftpd.c using the patch(1) command, rebuild and
reinstall ftpd, and kill off any existing FTP daemons (to ensure that
any improperly granted access is revoked).
ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/patches/20000527-ftpd
Since the patch is small, it is reproduced inline here:
*** ftpd.c 1999/10/01 12:08:06 1.61.2.1
– — ftpd.c 2000/05/11 10:14:37 1.61.2.2
***************
*** 489,496 ****
if (glob == NULL || glob[0] == ‘#’)
continue;
perm = strtok(NULL, ” \t\n”);
– – if (perm == NULL)
– – continue;
if (fnmatch(glob, name, 0) == 0) {
if (perm != NULL &&
((strcasecmp(perm, “allow”) == 0) ||
– — 489,494 —-

来源: BID
名称: 1273
链接:http://www.securityfocus.com/bid/1273

来源: OSVDB
名称: 1366
链接:http://www.osvdb.org/1366

来源: NETBSD
名称: NetBSD-SA2000-006
链接:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc