Date: Mon, 4 Aug 2003 18:13:22 -0500 From: "Jacques A. Vidrine" <nectar@FreeBSD.org> To: freebsd-security@FreeBSD.org Subject: Re: IMPORTANT FOR lukemftpd USERS (was Re: FreeBSD Security Advisory FreeBSD-SA-03:08.realpath) Message-ID: <20030804231322.GA11458@madman.celabo.org> In-Reply-To: <20030804223511.GC11083@madman.celabo.org> References: <200308040004.h7404VVL030671@freefall.freebsd.org> <20030804223511.GC11083@madman.celabo.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Aug 04, 2003 at 05:35:11PM -0500, Jacques A. Vidrine wrote: > I have a correction to make regarding the above text. In the case of > lukemftpd (and lukemftpd only), in some situations the vulnerability > may be used to execute code with _superuser privileges_. > > If lukemftpd is NOT invoked with `-r', then it does NOT completely > drop privileges when a user logs in. Thus, a successful exploit will > be able to regain superuser privileges. (By the way, it was Robert Watson <rwatson@FreeBSD.org> who encouraged me to look at this a second time.) [...] > I would normally immediately publish a revised advisory with this > additional information, however lukemftpd is neither built nor > installed by default. Since that is the case, I will probably wait a > few days before revision in case further useful information comes to > light. Colin Percival <colin.percival@wadham.ox.ac.uk> pointed out that lukemftpd actually *did* ship with 4.7-RELEASE (!!), so I will be sending out a revision sooner rather than later. Cheers, -- Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal nectar@celabo.org . jvidrine@verio.net . nectar@freebsd.org . nectar@kth.se
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030804231322.GA11458>