BugTraq
Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 28 2007 06:12AM
Rajesh Sethumadhavan (rajesh sethumadhavan yahoo com) (1 replies)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 29 2007 11:46AM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 29 2007 10:19PM
Valdis Kletnieks vt edu (3 replies)
On Thu, 29 Nov 2007 14:46:06 +0300, 3APA3A said:
> In order to exploit this vulnerability you need to force the victim to run
> an attacker-supplied BAT file. It's like forcing a user to run an
> attacker-supplied .sh script under Unix.

And oddly enough, the *very next mail* from Bugtraq said:

> FreeBSD-SA-07:10.gtar Security Advisory
> The FreeBSD Project

> Topic: gtar directory traversal vulnerability
...
> III. Impact

> An attacker who can convince a user to extract a specially crafted
> archive can overwrite arbitrary files with the permissions of the user
> running gtar. If that user is root, the attacker can overwrite any
> file on the system.

Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
user into doing something" is a valid attack vector.

Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 30 2007 09:48AM
3APA3A (3APA3A SECURITY NNOV RU)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 30 2007 08:44AM
Vincent Archer (varcher denyall com)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 29 2007 11:09PM
Steve Shockley (steve shockley shockley net) (1 replies)
Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 30 2007 12:18AM
Matthew Leeds (mleeds theleeds net)


 
