Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Unix :: General :: unix4887.htm

frox buffer overflow



30th Nov 2001 [SBWID-4887]
COMMAND

	frox buffer overflow

SYSTEMS AFFECTED

	frox 0.6.x

PROBLEM

	On frox@hollo.org dev list :
	

	There is an error in calculating the necessary size for  a  buffer  into
	which cache file header information is written when frox is caching  ftp
	retrievals. This buffer is written into with sprintf, and  may  overflow
	if a hostile ftp server returns a  long  string  in  reply  to  an  MDTM
	request when retrieving a file with a long pathname.  This  could  allow
	arbitrary code to be executed as the user under which  frox  is  running
	(normally not root). There is not currently any known exploit  code  for
	this vulnerability.
	

	An installation is vulnerable if  it  is  running  frox  versions  0.6.0
	through 0.6.6, it has the local caching method selected  in  the  config
	file, and clients make an anonymous ftp  connection  to  a  hostile  ftp
	server and attempt to download a file with a long pathname.
	

	The  vulnerability  only  exists  if  local  caching  is  enabled   (ie.
	\"CacheModule Local\" is set in the config file),  and  commenting  this
	out provides a temporary workaround.

SOLUTION

	Update from :
	 

	http://frox.sourceforge.net/

	http://www.hollo.org/frox

	


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH