Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability

To: "Valdis.Kletnieks@xxxxxx" <Valdis.Kletnieks@xxxxxx>
Subject: Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
From: Vincent Archer <varcher@xxxxxxxxxxx>
Date: Fri, 30 Nov 2007 09:44:20 +0100
Cc: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>, Rajesh Sethumadhavan <rajesh.sethumadhavan@xxxxxxxxx>, "bugtraq@xxxxxxxxxxxxxxxxx" <bugtraq@xxxxxxxxxxxxxxxxx>
In-reply-to: <7366.1196374789@xxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <261966.44430.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx> <1066197146.20071129144606@xxxxxxxxxxxxxxxx> <7366.1196374789@xxxxxxxxxxxxxxxxxxxxxxx>

On Thu, 2007-11-29 at 23:19 +0100, Valdis.Kletnieks@xxxxxx wrote:
> On Thu, 29 Nov 2007 14:46:06 +0300, 3APA3A said:
> >  In  order to exploit this vulnerability you need to force victim to run
> >  attacker-supplied   BAT   file.   It's   like   forcing   user  to  run
> >  attacker-supplied  .sh script under Unix.
> 
> And oddly enough, the *very next mail* from Bugtraq said:
> 
> > FreeBSD-SA-07:10.gtar                                       Security 
> > Advisory
> >                                                           The FreeBSD 
> > Project
> 
> > Topic:          gtar directory traversal vulnerability
> ...
> > III. Impact
> 
> > An attacker who can convince an user to extract a specially crafted
> > archive can overwrite arbitrary files with the permissions of the user
> > running gtar.  If that user is root, the attacker can overwrite any
> > file on the system.
> 
> Apparently, somebody at FreeBSD thinks "can be exploited if you trick the
> user into doing something" is a valid attack vector.

Considering most tar versions have specific protections to avoid this very
problem (namely, tar extracting a file outside of the directory hierarchy
where it is executed), then yes, it is a problem.

Even if you happen to think the root cause of all computing evil is what
is between the chair and the keyboard, trojans are a valid attack
vector.

-- 
         Vincent ARCHER                           Email:  archer@xxxxxxxxx

All men are mortal.  Socrates was mortal.  Therefore, all men are Socrates.
                                                        (Woody Allen)

References:
- Microsoft FTP Client Multiple Bufferoverflow Vulnerability
  - From: Rajesh Sethumadhavan
- Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
  - From: 3APA3A
- Re: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
  - From: Valdis . Kletnieks

Prev by Date: [ MDKSA-2007:224-3 ] - Updated samba packages fix regressions
Next by Date: DOS in Realplayer 11 ActiveX on Win Vista and Win XP SP2
Previous by thread: Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
Next by thread: Re[2]: Microsoft FTP Client Multiple Bufferoverflow Vulnerability
Index(es):
- Date
- Thread