[Full-disclosure] cftp 0.12 (readrc) Local buffer overflow vulnerability
3APA3A
3APA3A at SECURITY.NNOV.RU
Tue Mar 20 14:23:10 GMT 2007
Dear starcadi,
A very effective way for user to exploit himself. How can you elevate
your privileges this way? Is cftp suid?
--Tuesday, March 20, 2007, 12:52:13 AM, you wrote to full-disclosure at lists.grok.org.uk:
s> Description:
s> CFTP is Comfortable FTP, a full screen ftp client.
s> Proof of concept:
s> $ export HOME=`perl -e "print 'A'x8200"`
s> $ cftp
s> Segmentation fault
s> $
--
~/ZARAZA http://securityvulns.com/
Неприятности начнутся в восемь. (Твен)
Full-Disclosure is hosted and sponsored by Secunia.