BugTraq
Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 28 2007 06:12AM
Rajesh Sethumadhavan (rajesh sethumadhavan yahoo com) (1 replies)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 29 2007 11:46AM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 29 2007 10:19PM
Valdis Kletnieks vt edu (3 replies)
Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 30 2007 09:48AM
3APA3A (3APA3A SECURITY NNOV RU)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 30 2007 08:44AM
Vincent Archer (varcher denyall com)
Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 29 2007 11:09PM
Steve Shockley (steve shockley shockley net) (1 replies)
Valdis.Kletnieks (at) vt (dot) edu wrote:
>> An attacker who can convince a user to extract a specially crafted
>> archive can overwrite arbitrary files with the permissions of the user
>> running gtar. If that user is root, the attacker can overwrite any
>> file on the system.
>
> Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
> user into doing something" is a valid attack vector.

The difference is that I'd be surprised when I got 0wned by unpacking an
archive, and not all that surprised when I got 0wned by running a random
executable (script) file.

Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability Nov 30 2007 12:18AM
Matthew Leeds (mleeds theleeds net)


 

Copyright 2010, SecurityFocus