BSD ftpd Site EXEC Race Condition

1993-03-01T00:00:00
ID OSVDB:8720
Type osvdb
Reporter Karl Strickland, Neil Woods
Modified 1993-03-01T00:00:00

Description

Vulnerability Description

BSD ftpd contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when an attacker uses the SITE EXEC command to execute an arbitrary binary in /bin that is capable of giving access to an executable outside of /bin. This flaw may lead to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, BSDI has released a patch to address this vulnerability.

References:

Snort Signature ID: 361
Related OSVDB ID: 8719
Nessus Plugin ID: 10090
ISS X-Force ID: 55
CVE-1999-0955
CIAC Advisory: e-17
CERT: CA-1994-08