Date: Tue, 13 Mar 2001 15:24:14 +0100 From: "Frank DENIS (Jedi/Sector One)" <j@4U.NET> Subject: Buffer oveflow in FTPFS (linux kernel module) To: BUGTRAQ@SECURITYFOCUS.COM FTPFS (http://sourceforge.net/projects/ftpfs) is a Linux kernel module, enhancing VFS with FTP volume mounting capabilities. However, it has insufficient bounds checking. If a user can enter mount options through a wrapper, he can take over the whole system, even with restricted capabilities. Here's a simple exploit : mount -t ftpfs none /mnt -o ip=127.0.0.1,user=xxxxxxxxxxxxxxxxxxxxxxxxxxxx... The previous command produces an immediate reboot (tested with kernel 2.4.2 and FTPFS 0.1.1) . The author is aware of that vulnerability. Best regards, -- -=- Frank DENIS aka Jedi/Sector One < spam@jedi.claranet.fr > -=- LINAGORA SA (Paris, France) : http://www.linagora.com