Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16141
HistoryFeb 22, 2007 - 12:00 a.m.

/bin/ls with gid=0 in Debian linux-ftpd

2007-02-2200:00:00
vulners.com
21

Mea culpa. A stupid little bug crept into linux-ftpd for Debian, and
some other Linux distros. Some may have fixed it, but Debian hasn't.
The effect is that ftpd now runs /bin/ls (for DIR and similar commands)
with GID=0. Does not seem terribly dangerous as I do not seem able to
trick ls into running anything, nor are there any interesting objects
thusly accessible. Would become a "root hole" if someone finds a way
to execute anything from /bin/ls (as started from ftpd).

Please see

http://bugs.debian.org/384454

for details.

Cheers,

Paul Szabo [email protected] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia