IMPORTANT FOR lukemftpd USERS (was Re: FreeBSD Security
Advisory FreeBSD-SA-03:08.realpath)
Jacques A. Vidrine
nectar at FreeBSD.org
Mon Aug 4 16:13:24 PDT 2003
On Mon, Aug 04, 2003 at 05:35:11PM -0500, Jacques A. Vidrine wrote:
> I have a correction to make regarding the above text. In the case of
> lukemftpd (and lukemftpd only), in some situations the vulnerability
> may be used to execute code with _superuser privileges_.
>
> If lukemftpd is NOT invoked with `-r', then it does NOT completely
> drop privileges when a user logs in. Thus, a successful exploit will
> be able to regain superuser privileges.
(By the way, it was Robert Watson <rwatson at FreeBSD.org> who encouraged
me to look at this a second time.)
[...]
> I would normally immediately publish a revised advisory with this
> additional information, however lukemftpd is neither built nor
> installed by default. Since that is the case, I will probably wait a
> few days before revision in case further useful information comes to
> light.
Colin Percival <colin.percival at wadham.ox.ac.uk> pointed out that
lukemftpd actually *did* ship with 4.7-RELEASE (!!), so I will be
sending out a revision sooner rather than later.
Cheers,
--
Jacques Vidrine . NTT/Verio SME . FreeBSD UNIX . Heimdal
nectar at celabo.org . jvidrine at verio.net . nectar at freebsd.org . nectar at kth.se
More information about the freebsd-security
mailing list