
Netkit FTP Server: Privilege escalation


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200611-05 / ftpd
Release Date: November 10, 2006
Latest Revision: December 30, 2007: 02
Impact: high
Exploitable: remote

Package              Vulnerable versions  Unaffected versions  Architecture(s)
net-ftp/netkit-ftpd  < 0.17-r4            >= 0.17-r4           All supported architectures

Related bugreports: #150292

Synopsis

An incorrect seteuid() call could allow an FTP user to access some files or directories that would normally be inaccessible.

2.  Impact Information

Background

net-ftp/netkit-ftpd is the Linux Netkit FTP server with optional SSL support.

Description

Paul Szabo reported that an incorrect seteuid() call after the chdir() function can allow an attacker to access a normally forbidden directory in some very particular circumstances, for example when the NFS-hosted targeted directory is not reachable by the client-side root user. Additionally, some potentially exploitable unchecked setuid() calls were fixed.

Impact

A local attacker might craft his home directory to gain access through ftpd to normally forbidden directories like /root, possibly with write permissions if seteuid() fails and if the ftpd configuration allows that. The unchecked setuid() calls could also lead to a root FTP login, depending on the FTP server configuration.
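
An added illustration, not code from netkit-ftpd or its patch: a C sketch of the pattern this class of bug calls for, taking on the user's effective IDs before chdir() and treating any failed or ineffective ID change as fatal. The helper name enter_dir_as is hypothetical, and supplementary group handling is left out.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not netkit-ftpd code): take on the user's effective
 * IDs first, then enter the directory, so the kernel checks the chdir()
 * against the user's permissions rather than the daemon's.
 * Returns 0 on success, -1 if any step fails; the caller must refuse the
 * session on -1 instead of continuing with whatever IDs are in effect. */
int enter_dir_as(uid_t uid, gid_t gid, const char *dir)
{
    /* Group first: once the effective UID is unprivileged, setegid() to an
     * arbitrary group would no longer be permitted. */
    if (setegid(gid) != 0) {
        perror("setegid");
        return -1;
    }
    if (seteuid(uid) != 0) {
        perror("seteuid");
        return -1;
    }
    /* Do not trust the return code alone: confirm the switch took effect. */
    if (geteuid() != uid || getegid() != gid) {
        fprintf(stderr, "effective IDs not switched\n");
        return -1;
    }
    /* Only now touch the filesystem on the user's behalf. */
    if (chdir(dir) != 0) {
        perror("chdir");
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo: use our own IDs so it runs without root. */
    int rc = enter_dir_as(geteuid(), getegid(), "/");
    printf("enter_dir_as(/) -> %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```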

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Netkit FTP Server users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-ftp/netkit-ftpd-0.17-r4"


Page updated November 10, 2006

Summary: This is a Gentoo Linux Security Advisory

Copyright 2001-2014 Gentoo Foundation, Inc.