Re: FLAME - security advisories on the 23rd ? uncool idea is unc

Board: FB_stable, posted 14 years ago (2011/12/24 02:32), edited, pushes 0 (0/0/0)
0 comments, 0 participants, thread 20/38
On Dec 23, 2011, at 11:25 AM, Stephen Montgomery-Smith wrote:

> On 12/23/2011 10:56 AM, Mike Tancsa wrote:
>
>> Also, the chroot issue has been public for some time along with sample
>> exploits. Same with BIND which was fixed some time ago. Judgment call,
>> and I think they made the right call at least from my perspective.
>
> It is this chroot issue that bothers me. From my reading of the ftpd man page, if I have anonymous ftp to my server, it seems that I am using chroot with ftpd, and there is no way to stop this happening.
>
> Am I correct, or have I missed something? (I am hoping I missed something.)

I think that to exploit the ftpd chroot issue, the attacker must have the ability to create an /etc/nsswitch.conf (if it doesn't already exist), and then requires installing a malicious shared library file in the chroot /lib, /usr/lib, or /usr/local/lib directory. Local users who have chroot configured on their home directory for FTP access could probably exploit this.

If your anonymous FTP directories are set up correctly, in particular so that anonymous users have no write access, and if local users can't corrupt that configuration (such as by changing owners or permissions of directories in the anonymous chroot area), then I wouldn't expect this to be exploitable.

Still, I would install the update as soon as possible…

Guy

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
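A defensive check that follows from the conditions Guy lists (write access for the FTP account, ownership or permission changes inside the chroot, and the etc/ and lib paths named above), written here as an added example; it is not part of the thread and not a FreeBSD tool. The chroot path and the FTP account name are arguments the caller supplies.

```shell
#!/bin/sh
# Audit an FTP chroot tree for the preconditions described in the post:
# somewhere an anonymous or chrooted login could create etc/nsswitch.conf
# or drop a shared library under lib/, usr/lib/ or usr/local/lib/.
# The chroot path and the FTP account name are caller-supplied assumptions.

audit_ftp_chroot() {
    root=${1:?usage: audit_ftp_chroot <chroot-dir> [ftp-user]}
    user=${2:-ftp}          # assumed account name used for anonymous FTP
    findings=0

    # 1. Any world-writable directory inside the chroot lets an anonymous
    #    login create files, including the trigger paths named in the post.
    ww=$(find "$root" -type d -perm -0002 2>/dev/null || true)
    if [ -n "$ww" ]; then
        printf 'FINDING world-writable directories:\n%s\n' "$ww"
        findings=$((findings + 1))
    fi

    # 2. Anything owned by the FTP account is writable by it even when the
    #    mode bits look restrictive (the ownership change the post mentions).
    if id "$user" >/dev/null 2>&1; then
        owned=$(find "$root" -user "$user" 2>/dev/null || true)
        if [ -n "$owned" ]; then
            printf 'FINDING paths owned by %s:\n%s\n' "$user" "$owned"
            findings=$((findings + 1))
        fi
    fi

    # 3. The specific paths the post names: flag each one that exists and is
    #    writable by others (-prune tests only the path itself, no descent).
    for p in etc etc/nsswitch.conf lib usr/lib usr/local/lib; do
        [ -e "$root/$p" ] || continue
        if [ -n "$(find "$root/$p" -prune -perm -0002 2>/dev/null || true)" ]; then
            echo "FINDING $root/$p is writable by others"
            findings=$((findings + 1))
        fi
    done

    # 4. Informational: shared libraries already inside the chroot. Each one
    #    should be a known, package-owned file, not something a user placed.
    libs=$(find "$root/lib" "$root/usr/lib" "$root/usr/local/lib" \
               -name '*.so*' 2>/dev/null || true)
    [ -n "$libs" ] && printf 'INFO shared libraries in chroot:\n%s\n' "$libs"

    [ "$findings" -eq 0 ]   # exit status 0 = clean, 1 = findings reported
}

if [ "$#" -ge 1 ]; then audit_ftp_chroot "$@"; fi
```

Run it as `audit_ftp_chroot /path/to/ftp/chroot ftp`; a non-zero exit status means at least one finding was printed.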
Article ID (AID): #1EzCaZ5k (FB_stable)