Comfortable FTP (cftp) readrc() Function Local Overflow

2007-03-19T08:33:50
ID OSVDB:35203
Type osvdb
Reporter OSVDB
Modified 2007-03-19T08:33:50

Description

Technical Description

The cftp program is not SUID/SGID by default, so a default installation cannot be leveraged for additional privileges. This vulnerability only manifests if an administrator adds SUID or SGID privileges to the program, or if another program invokes it with increased privileges.

References:

Vendor URL: http://ftp.giga.or.at/pub/nih/cftp/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0274.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-03/0260.html