BugTraq
/bin/ls with gid=0 in Debian linux-ftpd
Feb 20 2007 11:24PM
Paul Szabo (psz maths usyd edu au)
Mea culpa. A stupid little bug crept into linux-ftpd for Debian, and
some other Linux distros. Some may have fixed it, but Debian hasn't.
The effect is that ftpd now runs /bin/ls (for DIR and similar commands)
with GID=0. Does not seem terribly dangerous as I do not seem able to
trick ls into runnin...


Copyright 2010, SecurityFocus